CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39879
https://notcve.org/view.php?id=CVE-2024-39879
01 Jul 2024 — In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings En JetBrains TeamCity antes de 2024.03.3, el token de aplicación podía exponerse en la configuración del perfil de nube EC2 • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39878
https://notcve.org/view.php?id=CVE-2024-39878
01 Jul 2024 — In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection En JetBrains TeamCity antes de 2024.03.3, la clave privada podía exponerse mediante la prueba de conexión de la aplicación GitHub • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38507
https://notcve.org/view.php?id=CVE-2024-38507
18 Jun 2024 — In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible En JetBrains Hub antes de 2024.2.34646 era posible XSS Almacenado a través de la descripción del proyecto • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38506
https://notcve.org/view.php?id=CVE-2024-38506
18 Jun 2024 — In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows En JetBrains YouTrack anterior a 2024.2.34646, el usuario sin los permisos adecuados podía habilitar la opción de conexión automática para flujos de trabajo • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38505
https://notcve.org/view.php?id=CVE-2024-38505
18 Jun 2024 — In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site En JetBrains YouTrack antes de 2024.2.34646 se enviaba el token de acceso del usuario al sitio de terceros • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38504
https://notcve.org/view.php?id=CVE-2024-38504
18 Jun 2024 — In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles En JetBrains YouTrack antes de 2024.2.34646, la cuenta de usuario invitado estaba habilitada para adjuntar archivos a artículos • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-862: Missing Authorization •
CVSS: 9.3EPSS: 1%CPEs: 44EXPL: 2CVE-2024-37051
https://notcve.org/view.php?id=CVE-2024-37051
10 Jun 2024 — GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; DataGrip 2023.1.3, 2023.2.4, 2023.3.5, 2024.1.4; DataSpell 2023.1.6, 2023.2.7, 2023.3.6, 2024.1.2, 2024.2 EAP1; GoLand 2023.1.6, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; MPS 2023.2.1, 2023.3.1, 2024.1 EAP2; PhpStorm 2023.1.6, 2023.2.6, 2023.3.7, 2024.1.3, 2... • https://github.com/LeadroyaL/CVE-2024-37051-EXP • CWE-522: Insufficiently Protected Credentials •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36470
https://notcve.org/view.php?id=CVE-2024-36470
29 May 2024 — In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge cases En JetBrains TeamCity antes de 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5 la omisión de autenticación era posible en casos extremos específicos • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36378
https://notcve.org/view.php?id=CVE-2024-36378
29 May 2024 — In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens En JetBrains TeamCity antes de 2024.03.2, el servidor era susceptible a ataques DoS con tokens de autenticación incorrectos • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36377
https://notcve.org/view.php?id=CVE-2024-36377
29 May 2024 — In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions En JetBrains TeamCity antes de 2024.03.2, ciertos endpoints de la API de TeamCity no verificaban los permisos de usuario • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-863: Incorrect Authorization •