Show filters
456 Total Results
Displaying 41-50 of 456
Sort by:
Attacker Value
Unknown

CVE-2024-49580

Disclosure Date: October 17, 2024 (last updated December 06, 2024)
In JetBrains Ktor before 2.3.13 improper caching in HttpCache Plugin could lead to response information disclosure
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-49579

Disclosure Date: October 17, 2024 (last updated November 15, 2024)
In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-48902

Disclosure Date: October 10, 2024 (last updated October 17, 2024)
In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-47951

Disclosure Date: October 08, 2024 (last updated October 12, 2024)
In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-47950

Disclosure Date: October 08, 2024 (last updated October 12, 2024)
In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-47949

Disclosure Date: October 08, 2024 (last updated October 12, 2024)
In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-47948

Disclosure Date: October 08, 2024 (last updated October 12, 2024)
In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-47161

Disclosure Date: October 08, 2024 (last updated October 12, 2024)
In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-47162

Disclosure Date: September 19, 2024 (last updated September 25, 2024)
In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-47160

Disclosure Date: September 19, 2024 (last updated September 25, 2024)
In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
View More Topics  < Previous  Next >