Show filters
211 Total Results
Displaying 81-90 of 211
Sort by:
Attacker Value
Unknown

CVE-2023-38066

Disclosure Date: July 12, 2023 (last updated October 08, 2023)
In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-38065

Disclosure Date: July 12, 2023 (last updated October 08, 2023)
In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-38064

Disclosure Date: July 12, 2023 (last updated October 08, 2023)
In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-38063

Disclosure Date: July 12, 2023 (last updated October 08, 2023)
In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-38062

Disclosure Date: July 12, 2023 (last updated October 08, 2023)
In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-38061

Disclosure Date: July 12, 2023 (last updated October 08, 2023)
In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2015-1313

Disclosure Date: June 29, 2023 (last updated October 08, 2023)
JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-34229

Disclosure Date: May 31, 2023 (last updated October 08, 2023)
In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-34228

Disclosure Date: May 31, 2023 (last updated October 08, 2023)
In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-34227

Disclosure Date: May 31, 2023 (last updated October 08, 2023)
In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
View More Topics  < Previous  Next >