CVSS: 5.9EPSS: %CPEs: 1EXPL: 0CVE-2024-56356
https://notcve.org/view.php?id=CVE-2024-56356
In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 4.6EPSS: %CPEs: 1EXPL: 0CVE-2024-56355
https://notcve.org/view.php?id=CVE-2024-56355
In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: %CPEs: 1EXPL: 0CVE-2024-56354
https://notcve.org/view.php?id=CVE-2024-56354
In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.5EPSS: %CPEs: 1EXPL: 0CVE-2024-56353
https://notcve.org/view.php?id=CVE-2024-56353
In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 4.6EPSS: %CPEs: 1EXPL: 0CVE-2024-56352
https://notcve.org/view.php?id=CVE-2024-56352
In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •