Vulnerabilities > Jetbrains > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-05-16 CVE-2024-35301 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token
network
low complexity
jetbrains
5.5
5.5
2024-05-16 CVE-2024-35302 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible
network
low complexity
jetbrains CWE-79
6.1
6.1
2024-03-28 CVE-2024-31134 Incorrect Authorization vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled
network
low complexity
jetbrains CWE-863
6.5
6.5
2024-03-28 CVE-2024-31135 Open Redirect vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.03 open redirect was possible on the login page
network
low complexity
jetbrains CWE-601
6.1
6.1
2024-03-28 CVE-2024-31137 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration
network
low complexity
jetbrains CWE-79
6.1
6.1
2024-03-28 CVE-2024-31138 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings
network
low complexity
jetbrains CWE-79
5.4
5.4
2024-03-28 CVE-2024-31140 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools
network
low complexity
jetbrains
4.9
4.9
2024-03-07 CVE-2024-28228 Authentication Bypass by Spoofing vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.1.25893 creation comments on behalf of an arbitrary user in HelpDesk was possible
network
low complexity
jetbrains CWE-290
5.3
5.3
2024-03-07 CVE-2024-28229 Incorrect Authorization vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.1.25893 user without appropriate permissions could restore issues and articles
network
low complexity
jetbrains CWE-863
6.5
6.5
2024-03-07 CVE-2024-28230 Missing Authorization vulnerability in Jetbrains Youtrack
In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions
network
low complexity
jetbrains CWE-862
6.5
6.5