CVE-2023-34225
In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible
Source: CVE-2023-34225
CVE-2023-34225
In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible
Source: CVE-2023-34225
CVE-2023-34224
In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible
Source: CVE-2023-34224
CVE-2023-34228
In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions
Source: CVE-2023-34228
CVE-2023-34222
In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible
Source: CVE-2023-34222
CVE-2023-34221
In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible
Source: CVE-2023-34221
CVE-2023-34220
In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible
Source: CVE-2023-34220
CVE-2023-34219
In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API
Source: CVE-2023-34219
CVE-2023-34218
In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible
Source: CVE-2023-34218
CVE-2023-34223
In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases
Source: CVE-2023-34223
CVE-2023-33509
KramerAV VIA GO² < 4.0.1.1326 is vulnerable to SQL Injection.
Source: CVE-2023-33509