Jetbrains: Security Vulnerabilities
In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings
CVSS Score
4.6
EPSS Score
0.878
Published
2024-03-28
In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled
CVSS Score
6.5
EPSS Score
0.0
Published
2024-03-28
In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process
CVSS Score
4.2
EPSS Score
0.0
Published
2024-03-21
In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles
CVSS Score
6.5
EPSS Score
0.0
Published
2024-03-07
In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions
CVSS Score
6.5
EPSS Score
0.0
Published
2024-03-07
In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible
CVSS Score
5.3
EPSS Score
0.0
Published
2024-03-07
In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed
CVSS Score
4.3
EPSS Score
0.0
Published
2024-03-06
In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly
CVSS Score
5.8
EPSS Score
0.0
Published
2024-03-06
CVE-2024-27198
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
Known exploited
CVSS Score
9.8
EPSS Score
0.946
Published
2024-03-04
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
CVSS Score
7.3
EPSS Score
0.945
Published
2024-03-04