In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible
Source: JetBrains s.r.o.
Max CVSS
5.4
EPSS Score
0.04%
Published
2024-05-16
Updated
2024-05-16
In JetBrains TeamCity before 2024.03.1 the commit status publisher didn't check the project scope of the GitHub App token
Source: JetBrains s.r.o.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-05-16
Updated
2024-05-16
In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible
Source: JetBrains s.r.o.
Max CVSS
3.5
EPSS Score
0.04%
Published
2024-05-16
Updated
2024-05-16
In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation
Source: JetBrains s.r.o.
Max CVSS
5.9
EPSS Score
0.04%
Published
2024-05-16
Updated
2024-05-16
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools
Source: JetBrains s.r.o.
Max CVSS
4.1
EPSS Score
0.04%
Published
2024-03-28
Updated
2024-03-28
In JetBrains TeamCity before 2024.03 XXE was possible in the Maven build steps detector
Source: JetBrains s.r.o.
Max CVSS
5.9
EPSS Score
0.04%
Published
2024-03-28
Updated
2024-03-28
In JetBrains TeamCity before 2024.03 XSS was possible via Agent Distribution settings
Source: JetBrains s.r.o.
Max CVSS
5.4
EPSS Score
0.06%
Published
2024-03-28
Updated
2024-04-08
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration
Source: JetBrains s.r.o.
Max CVSS
6.8
EPSS Score
0.05%
Published
2024-03-28
Updated
2024-04-08
In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter
Source: JetBrains s.r.o.
Max CVSS
7.4
EPSS Score
0.04%
Published
2024-03-28
Updated
2024-03-28
In JetBrains TeamCity before 2024.03 open redirect was possible on the login page
Source: JetBrains s.r.o.
Max CVSS
6.1
EPSS Score
0.05%
Published
2024-03-28
Updated
2024-04-08
In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled
Source: JetBrains s.r.o.
Max CVSS
6.5
EPSS Score
0.04%
Published
2024-03-28
Updated
2024-03-28
In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process
Source: JetBrains s.r.o.
Max CVSS
4.2
EPSS Score
0.04%
Published
2024-03-21
Updated
2024-03-21
In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions
Source: JetBrains s.r.o.
Max CVSS
6.5
EPSS Score
0.04%
Published
2024-03-07
Updated
2024-03-07
In JetBrains YouTrack before 2024.1.25893 a user without appropriate permissions could restore issues and articles
Source: JetBrains s.r.o.
Max CVSS
6.5
EPSS Score
0.04%
Published
2024-03-07
Updated
2024-03-07
In JetBrains YouTrack before 2024.1.25893 creating comments on behalf of an arbitrary user in HelpDesk was possible
Source: JetBrains s.r.o.
Max CVSS
5.3
EPSS Score
0.04%
Published
2024-03-07
Updated
2024-03-07
In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly
Source: JetBrains s.r.o.
Max CVSS
5.8
EPSS Score
0.04%
Published
2024-03-06
Updated
2024-03-06
In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed
Source: JetBrains s.r.o.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-03-06
Updated
2024-03-06
In JetBrains TeamCity before 2023.11.4 path traversal allowing limited admin actions to be performed was possible
Source: JetBrains s.r.o.
Max CVSS
7.3
EPSS Score
0.90%
Published
2024-03-04
Updated
2024-03-11

CVE-2024-27198

Known exploited
Public exploit
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing admin actions to be performed was possible
Source: JetBrains s.r.o.
Max CVSS
9.8
EPSS Score
97.21%
Published
2024-03-04
Updated
2024-05-23
CISA KEV Added
2024-03-07
In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image
Source: JetBrains s.r.o.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-02-06
Updated
2024-02-09
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives
Source: JetBrains s.r.o.
Max CVSS
5.3
EPSS Score
0.05%
Published
2024-02-06
Updated
2024-02-09
In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL
Source: JetBrains s.r.o.
Max CVSS
6.1
EPSS Score
0.05%
Published
2024-02-06
Updated
2024-02-09
In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives
Source: JetBrains s.r.o.
Max CVSS
4.3
EPSS Score
0.05%
Published
2024-02-06
Updated
2024-02-07
In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible
Source: JetBrains s.r.o.
Max CVSS
5.3
EPSS Score
0.05%
Published
2024-02-06
Updated
2024-02-09
In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation
Source: JetBrains s.r.o.
Max CVSS
5.3
EPSS Score
0.05%
Published
2024-02-06
Updated
2024-02-09
128 vulnerabilities found