Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-07-12	CVE-2023-38062	Unspecified vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations network low complexity jetbrains	6.5
2023-07-12	CVE-2023-38063	Cross-site Scripting vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible network low complexity jetbrains CWE-79	5.4
2023-07-12	CVE-2023-38064	Information Exposure Through Log Files vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log network low complexity jetbrains CWE-532	6.5
2023-07-12	CVE-2023-38065	Cross-site Scripting vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible network low complexity jetbrains CWE-79	5.4
2023-07-12	CVE-2023-38066	Cross-site Scripting vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads network low complexity jetbrains CWE-79	6.1
2023-07-12	CVE-2023-38067	Information Exposure Through Log Files vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log network low complexity jetbrains CWE-532	6.5
2023-06-29	CVE-2015-1313	Forced Browsing vulnerability in Jetbrains Teamcity JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request. network low complexity jetbrains CWE-425	6.5
2023-06-12	CVE-2023-35054	Cross-site Scripting vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible network low complexity jetbrains CWE-79	5.4
2023-05-31	CVE-2023-34219	Incorrect Authorization vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API network low complexity jetbrains CWE-863	4.3
2023-05-31	CVE-2023-34220	Cross-site Scripting vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible network low complexity jetbrains CWE-79	5.4