Search Results | AttackerKB

Show filters

Topics 456 Users 9,707

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

456 Total Results

Displaying 11-20 of 456

Attacker Value

Unknown

CVE-2025-24459

Disclosure Date: January 21, 2025 (last updated January 31, 2025)

In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2025-24458

Disclosure Date: January 21, 2025 (last updated January 31, 2025)

In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration

Attack Vector: Local Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2025-24457

Disclosure Date: January 21, 2025 (last updated January 31, 2025)

In JetBrains YouTrack before 2024.3.55417 permanent tokens could be exposed in logs

Attack Vector: Local Privileges: Low User Interaction: None

0

Attacker Value

Unknown

CVE-2025-24456

Disclosure Date: January 21, 2025 (last updated January 31, 2025)

In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping

Attack Vector: Network Privileges: Low User Interaction: None

0

Attacker Value

Unknown

CVE-2024-56356

Disclosure Date: December 20, 2024 (last updated January 07, 2025)

In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack

Attack Vector: Network Privileges: Low User Interaction: None

0

Attacker Value

Unknown

CVE-2024-56355

Disclosure Date: December 20, 2024 (last updated January 07, 2025)

In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS

Attack Vector: Network Privileges: Low User Interaction: Required

0

Attacker Value

Unknown

CVE-2024-56354

Disclosure Date: December 20, 2024 (last updated January 07, 2025)

In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission

Attack Vector: Network Privileges: High User Interaction: None

0

Attacker Value

Unknown

CVE-2024-56353

Disclosure Date: December 20, 2024 (last updated January 07, 2025)

In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies

Attack Vector: Network Privileges: Low User Interaction: None

0

Attacker Value

Unknown

CVE-2024-56352

Disclosure Date: December 20, 2024 (last updated January 07, 2025)

In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page

Attack Vector: Network Privileges: Low User Interaction: Required

0

Attacker Value

Unknown

CVE-2024-56351

Disclosure Date: December 20, 2024 (last updated January 07, 2025)

In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles

Attack Vector: Network Privileges: Low User Interaction: None

0