CVE-2022-24342
In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible.
Source: CVE-2022-24342
[월:] 2022년 02월
CVE-2022-24341
CVE-2022-24341
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn’t terminate sessions of the edited user.
Source: CVE-2022-24341
CVE-2022-24344
CVE-2022-24344
JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page.
Source: CVE-2022-24344
CVE-2022-24343
CVE-2022-24343
In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions.
Source: CVE-2022-24343
CVE-2022-24339
CVE-2022-24339
JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.
Source: CVE-2022-24339
CVE-2022-24345
CVE-2022-24345
In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (without permission from a user) upon opening a project was possible.
Source: CVE-2022-24345
CVE-2022-24346
CVE-2022-24346
In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) characters was possible.
Source: CVE-2022-24346
CVE-2022-24337
CVE-2022-24337
In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.
Source: CVE-2022-24337
CVE-2022-24332
CVE-2022-24332
In JetBrains TeamCity before 2021.2, a logout action didn’t remove a Remember Me cookie.
Source: CVE-2022-24332
CVE-2022-24333
CVE-2022-24333
In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.
Source: CVE-2022-24333