
CVE-2024-50574
https://notcve.org/view.php?id=CVE-2024-50574
28 Oct 2024 — In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-1333: Inefficient Regular Expression Complexity •

CVE-2024-50573
https://notcve.org/view.php?id=CVE-2024-50573
28 Oct 2024 — In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-862: Missing Authorization •

CVE-2024-49580
https://notcve.org/view.php?id=CVE-2024-49580
17 Oct 2024 — In JetBrains Ktor before 3.0.0 improper caching in HttpCache Plugin could lead to response information disclosure. In JetBrains Ktor before 2.3.13 improper caching in HttpCache Plugin could lead to response information disclosure • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-524: Use of Cache Containing Sensitive Information •

CVE-2024-49579
https://notcve.org/view.php?id=CVE-2024-49579
17 Oct 2024 — In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-940: Improper Verification of Source of a Communication Channel •

CVE-2024-48902
https://notcve.org/view.php?id=CVE-2024-48902
10 Oct 2024 — In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-862: Missing Authorization •

CVE-2024-47951
https://notcve.org/view.php?id=CVE-2024-47951
08 Oct 2024 — In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-47950
https://notcve.org/view.php?id=CVE-2024-47950
08 Oct 2024 — In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-47949
https://notcve.org/view.php?id=CVE-2024-47949
08 Oct 2024 — In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-23: Relative Path Traversal •

CVE-2024-47948
https://notcve.org/view.php?id=CVE-2024-47948
08 Oct 2024 — In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-23: Relative Path Traversal •

CVE-2024-47161
https://notcve.org/view.php?id=CVE-2024-47161
08 Oct 2024 — In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-522: Insufficiently Protected Credentials •