Search Results | AttackerKB

In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled

Attack Vector: Network Privileges: Low User Interaction: None

Attacker Value

Unknown

CVE-2024-29880

Disclosure Date: March 21, 2024 (last updated December 18, 2024)

In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process

Attack Vector: Local Privileges: Low User Interaction: None

Attacker Value

Unknown

CVE-2024-28174

Disclosure Date: March 06, 2024 (last updated December 18, 2024)

In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2024-28173

Disclosure Date: March 06, 2024 (last updated December 18, 2024)

In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed

Attack Vector: Network Privileges: None User Interaction: Required

Attacker Value

Unknown

CVE-2024-24938

Disclosure Date: February 06, 2024 (last updated February 09, 2024)

In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2024-24937

Disclosure Date: February 06, 2024 (last updated February 09, 2024)

In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible

Attack Vector: Network Privileges: Low User Interaction: Required

211 Total Results

Displaying 61-70 of 211

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Quick Cookie Notification