Show filters
456 Total Results
Displaying 21-30 of 456
Sort by:
Attacker Value
Unknown

CVE-2024-56350

Disclosure Date: December 20, 2024 (last updated January 07, 2025)
In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-56349

Disclosure Date: December 20, 2024 (last updated January 07, 2025)
In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-56348

Disclosure Date: December 20, 2024 (last updated January 07, 2025)
In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-54158

Disclosure Date: December 04, 2024 (last updated January 31, 2025)
In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-54157

Disclosure Date: December 04, 2024 (last updated January 31, 2025)
In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-54156

Disclosure Date: December 04, 2024 (last updated January 31, 2025)
In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-54155

Disclosure Date: December 04, 2024 (last updated February 01, 2025)
In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-54154

Disclosure Date: December 04, 2024 (last updated February 01, 2025)
In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-54153

Disclosure Date: December 04, 2024 (last updated February 01, 2025)
In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-52555

Disclosure Date: November 15, 2024 (last updated February 01, 2025)
In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script
Attack Vector: LocalPrivileges: NoneUser Interaction: Required
0
0
View More Topics  < Previous  Next >