CVE-2024-47951
https://notcve.org/view.php?id=CVE-2024-47951
In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-47950
https://notcve.org/view.php?id=CVE-2024-47950
In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-47949
https://notcve.org/view.php?id=CVE-2024-47949
In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-23: Relative Path Traversal •
CVE-2024-47948
https://notcve.org/view.php?id=CVE-2024-47948
In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-23: Relative Path Traversal •
CVE-2024-47161
https://notcve.org/view.php?id=CVE-2024-47161
In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-522: Insufficiently Protected Credentials •