CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47162
https://notcve.org/view.php?id=CVE-2024-47162
19 Sep 2024 — In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47160
https://notcve.org/view.php?id=CVE-2024-47160
19 Sep 2024 — In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-863: Incorrect Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47159
https://notcve.org/view.php?id=CVE-2024-47159
19 Sep 2024 — In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-863: Incorrect Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46970
https://notcve.org/view.php?id=CVE-2024-46970
16 Sep 2024 — In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible En JetBrains IntelliJ IDEA antes de 2024.1 era posible la inyección de HTML a través del nombre del proyecto • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 15%CPEs: 1EXPL: 0CVE-2024-43810
https://notcve.org/view.php?id=CVE-2024-43810
16 Aug 2024 — In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43809
https://notcve.org/view.php?id=CVE-2024-43809
16 Aug 2024 — In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43808
https://notcve.org/view.php?id=CVE-2024-43808
16 Aug 2024 — In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 5%CPEs: 1EXPL: 0CVE-2024-43807
https://notcve.org/view.php?id=CVE-2024-43807
16 Aug 2024 — In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43114
https://notcve.org/view.php?id=CVE-2024-43114
06 Aug 2024 — In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41829
https://notcve.org/view.php?id=CVE-2024-41829
22 Jul 2024 — In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection En JetBrains TeamCity antes de 2024.07, se podía robar un código OAuth para JetBrains Space a través de la conexión de Space Application. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-303: Incorrect Implementation of Authentication Algorithm •