CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47951
https://notcve.org/view.php?id=CVE-2024-47951
08 Oct 2024 — In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47950
https://notcve.org/view.php?id=CVE-2024-47950
08 Oct 2024 — In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47949
https://notcve.org/view.php?id=CVE-2024-47949
08 Oct 2024 — In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-23: Relative Path Traversal •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47948
https://notcve.org/view.php?id=CVE-2024-47948
08 Oct 2024 — In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-23: Relative Path Traversal •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47161
https://notcve.org/view.php?id=CVE-2024-47161
08 Oct 2024 — In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47162
https://notcve.org/view.php?id=CVE-2024-47162
19 Sep 2024 — In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47160
https://notcve.org/view.php?id=CVE-2024-47160
19 Sep 2024 — In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-863: Incorrect Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47159
https://notcve.org/view.php?id=CVE-2024-47159
19 Sep 2024 — In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-863: Incorrect Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46970
https://notcve.org/view.php?id=CVE-2024-46970
16 Sep 2024 — In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible En JetBrains IntelliJ IDEA antes de 2024.1 era posible la inyección de HTML a través del nombre del proyecto • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 15%CPEs: 1EXPL: 0CVE-2024-43810
https://notcve.org/view.php?id=CVE-2024-43810
16 Aug 2024 — In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •