CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41828
https://notcve.org/view.php?id=CVE-2024-41828
22 Jul 2024 — In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time En JetBrains TeamCity antes de 2024.07, la comparación de tokens de autorización no llevaba un tiempo constante • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-208: Observable Timing Discrepancy •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41827
https://notcve.org/view.php?id=CVE-2024-41827
22 Jul 2024 — In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration En JetBrains TeamCity antes de 2024.07, los tokens de acceso podían seguir funcionando después de su eliminación o vencimiento • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-613: Insufficient Session Expiration •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41826
https://notcve.org/view.php?id=CVE-2024-41826
22 Jul 2024 — In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page En JetBrains TeamCity antes de 2024.07, era posible el XSS almacenado en la página Show Connection • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 36%CPEs: 1EXPL: 0CVE-2024-41825
https://notcve.org/view.php?id=CVE-2024-41825
22 Jul 2024 — In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab En JetBrains TeamCity antes de 2024.07, era posible el XSS almacenado en la pestaña Code Inspection • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41824
https://notcve.org/view.php?id=CVE-2024-41824
22 Jul 2024 — In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific cases En JetBrains TeamCity antes de 2024.07, los parámetros del tipo "password" podían filtrarse en el registro de compilación en algunos casos específicos. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39879
https://notcve.org/view.php?id=CVE-2024-39879
01 Jul 2024 — In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings En JetBrains TeamCity antes de 2024.03.3, el token de aplicación podía exponerse en la configuración del perfil de nube EC2 • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39878
https://notcve.org/view.php?id=CVE-2024-39878
01 Jul 2024 — In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection En JetBrains TeamCity antes de 2024.03.3, la clave privada podía exponerse mediante la prueba de conexión de la aplicación GitHub • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38507
https://notcve.org/view.php?id=CVE-2024-38507
18 Jun 2024 — In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible En JetBrains Hub antes de 2024.2.34646 era posible XSS Almacenado a través de la descripción del proyecto • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38506
https://notcve.org/view.php?id=CVE-2024-38506
18 Jun 2024 — In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows En JetBrains YouTrack anterior a 2024.2.34646, el usuario sin los permisos adecuados podía habilitar la opción de conexión automática para flujos de trabajo • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38505
https://notcve.org/view.php?id=CVE-2024-38505
18 Jun 2024 — In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site En JetBrains YouTrack antes de 2024.2.34646 se enviaba el token de acceso del usuario al sitio de terceros • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-522: Insufficiently Protected Credentials •