CVE-2023-34219
- EPSS 0%
- Published 31.05.2023 14:15:10
- Last modified 21.11.2024 08:06:47
In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API
CVE-2023-34220
- EPSS 7.72%
- Published 31.05.2023 14:15:10
- Last modified 21.11.2024 08:06:47
In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible
CVE-2023-34221
- EPSS 0.08%
- Published 31.05.2023 14:15:10
- Last modified 21.11.2024 08:06:47
In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible
CVE-2023-34222
- EPSS 0.03%
- Published 31.05.2023 14:15:10
- Last modified 21.11.2024 08:06:48
In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible
CVE-2023-34223
- EPSS 0%
- Published 31.05.2023 14:15:10
- Last modified 21.11.2024 08:06:48
In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases
CVE-2023-34224
- EPSS 0%
- Published 31.05.2023 14:15:10
- Last modified 21.11.2024 08:06:48
In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible
CVE-2023-34225
- EPSS 6.05%
- Published 31.05.2023 14:15:10
- Last modified 21.11.2024 08:06:48
In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible
CVE-2023-34226
- EPSS 0.03%
- Published 31.05.2023 14:15:10
- Last modified 21.11.2024 08:06:48
In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible
CVE-2023-34227
- EPSS 0%
- Published 31.05.2023 14:15:10
- Last modified 21.11.2024 08:06:48
In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks
CVE-2023-34228
- EPSS 0%
- Published 31.05.2023 14:15:10
- Last modified 21.11.2024 08:06:48
In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions