CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24936
https://notcve.org/view.php?id=CVE-2024-24936
06 Feb 2024 — In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed En JetBrains TeamCity antes de 2023.11.2, se omitía el control de acceso en el endpoint del complemento S3 Artifact Storage • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-285: Improper Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50870
https://notcve.org/view.php?id=CVE-2023-50870
15 Dec 2023 — In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible En JetBrains TeamCity antes de 2023.11.1 era posible un CSRF al iniciar sesión • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43566
https://notcve.org/view.php?id=CVE-2023-43566
19 Sep 2023 — In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration En JetBrains TeamCity antes de 2023.05.4, era posible almacenar XSS durante la configuración de los nodos • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 94%CPEs: 1EXPL: 17CVE-2023-42793 – JetBrains TeamCity Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-42793
19 Sep 2023 — In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible En JetBrains TeamCity antes de la versión 2023.05.4, era posible omitir la autenticación que conducía a RCE en TeamCity Server JetBrains TeamCity version 2023.05.3 suffers from a remote code execution vulnerability. JetBrains TeamCity contains an authentication bypass vulnerability that allows for remote code execution on TeamCity Server. • https://packetstorm.news/files/id/174860 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41250
https://notcve.org/view.php?id=CVE-2023-41250
25 Aug 2023 — In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration En TeamCity de JetBrains antes de 2023.05.3 era posible realizar un Cross-Site Scripting (XSS) Reflejado durante el registro de usuario. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 81%CPEs: 1EXPL: 0CVE-2023-41249
https://notcve.org/view.php?id=CVE-2023-41249
25 Aug 2023 — In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step En TeamCity de JetBrains antes de 2023.05.3 era posible realizar un Cross-Site Scripting (XSS) Reflejado durante la copia de Build Step. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41248
https://notcve.org/view.php?id=CVE-2023-41248
25 Aug 2023 — In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration En TeamCity de JetBrains antes de 2023.05.3 era posible realizar un Cross-Site Scripting (XSS) Almacenado durante la configuración de Cloud Profiles. • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 12%CPEs: 1EXPL: 0CVE-2023-39175
https://notcve.org/view.php?id=CVE-2023-39175
25 Jul 2023 — In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39174
https://notcve.org/view.php?id=CVE-2023-39174
25 Jul 2023 — In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39173
https://notcve.org/view.php?id=CVE-2023-39173
25 Jul 2023 — In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-266: Incorrect Privilege Assignment •