Search Results | AttackerKB

Show filters

Topics 456 Users 9,706

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

456 Total Results

Displaying 1-10 of 456

Attacker Value

Very High

CVE-2023-42793

Disclosure Date: September 19, 2023 (last updated December 18, 2024)

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible

Attack Vector: Network Privileges: None User Interaction: None

7

Attacker Value

Very High

CVE-2024-27198

Disclosure Date: March 04, 2024 (last updated March 06, 2024)

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible

Attack Vector: Network Privileges: None User Interaction: None

5

Attacker Value

Moderate

CVE-2024-27199

Disclosure Date: March 04, 2024 (last updated December 18, 2024)

In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible

Attack Vector: Network Privileges: None User Interaction: None

3

Attacker Value

Very Low

CVE-2024-24942

Disclosure Date: February 06, 2024 (last updated February 09, 2024)

In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives

Attack Vector: Network Privileges: None User Interaction: None

2

Attacker Value

Unknown

CVE-2024-23917

Disclosure Date: February 06, 2024 (last updated February 09, 2024)

In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible

Attack Vector: Network Privileges: None User Interaction: None

1

Attacker Value

Unknown

CVE-2025-26493

Disclosure Date: February 11, 2025 (last updated February 12, 2025)

In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab

0

Attacker Value

Unknown

CVE-2025-26492

Disclosure Date: February 11, 2025 (last updated February 12, 2025)

In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources

0

Attacker Value

Unknown

CVE-2025-23385

Disclosure Date: January 28, 2025 (last updated January 29, 2025)

In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible

0

Attacker Value

Unknown

CVE-2025-24461

Disclosure Date: January 21, 2025 (last updated January 31, 2025)

In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint

Attack Vector: Network Privileges: Low User Interaction: None

0

Attacker Value

Unknown

CVE-2025-24460

Disclosure Date: January 21, 2025 (last updated January 31, 2025)

In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool

Attack Vector: Network Privileges: Low User Interaction: None

0