Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-41827

Summary
Assigner-JetBrains
Assigner Org ID-547ada31-17d8-4964-bc5f-1b8238ba8014
Published At-22 Jul, 2024 | 14:50
Updated At-02 Aug, 2024 | 04:46
Rejected At-
Credits

In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:JetBrains
Assigner Org ID:547ada31-17d8-4964-bc5f-1b8238ba8014
Published At:22 Jul, 2024 | 14:50
Updated At:02 Aug, 2024 | 04:46
Rejected At:
▼CVE Numbering Authority (CNA)

In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration

Affected Products
Vendor
JetBrains s.r.o.JetBrains
Product
TeamCity
Default Status
unaffected
Versions
Affected
  • From 0 before 2024.07 (semver)
Problem Types
TypeCWE IDDescription
N/AN/ACWE-613
Type: N/A
CWE ID: N/A
Description: CWE-613
Metrics
VersionBase scoreBase severityVector
3.17.4HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.jetbrains.com/privacy-security/issues-fixed/
N/A
Hyperlink: https://www.jetbrains.com/privacy-security/issues-fixed/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
JetBrains s.r.o.jetbrains
Product
teamcity
CPEs
  • cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 0 before 2024.07 (semver)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.jetbrains.com/privacy-security/issues-fixed/
x_transferred
Hyperlink: https://www.jetbrains.com/privacy-security/issues-fixed/
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@jetbrains.com
Published At:22 Jul, 2024 | 15:15
Updated At:07 Aug, 2024 | 20:44

In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.4HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CPE Matches
JetBrains s.r.o.
jetbrains
>>teamcity>>Versions before 2024.07(exclusive)
cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-613Primarynvd@nist.gov
CWE-613Secondarycve@jetbrains.com
CWE ID: CWE-613
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-613
Type: Secondary
Source: cve@jetbrains.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.jetbrains.com/privacy-security/issues-fixed/cve@jetbrains.com
Vendor Advisory
Hyperlink: https://www.jetbrains.com/privacy-security/issues-fixed/
Source: cve@jetbrains.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

100Records found
CVE-2021-36209
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.00% / 0.17%
||
7 Day CHG~0.00%
Published-06 Aug, 2021 | 13:19
Updated-04 Aug, 2024 | 00:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Hub before 2021.1.13389, account takeover was possible during password reset.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-hubn/a
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2024-27198
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-9.8||CRITICAL
EPSS-94.58% / 100.00%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 17:21
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-03-28||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCityteamcityTeamCity
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2024-23917
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-9.8||CRITICAL
EPSS-94.30% / 99.94%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 09:21
Updated-01 Aug, 2024 | 23:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCityteamcity
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-48342
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-5.2||MEDIUM
EPSS-0.00% / 0.03%
||
7 Day CHG~0.00%
Published-23 Feb, 2023 | 15:44
Updated-12 Mar, 2025 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2025-54530
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-7.5||HIGH
EPSS-0.00% / 0.01%
||
7 Day CHG~0.00%
Published-28 Jul, 2025 | 16:20
Updated-31 Jul, 2025 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-37544
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.01% / 2.03%
||
7 Day CHG~0.00%
Published-06 Aug, 2021 | 13:23
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-51655
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-6.3||MEDIUM
EPSS-0.01% / 0.42%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 09:57
Updated-02 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration

Action-Not Available
Vendor-JetBrains s.r.o.
Product-intellij_ideaIntelliJ IDEA
CWE ID-CWE-349
Acceptance of Extraneous Untrusted Data With Trusted Data
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2021-31915
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 37.04%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 12:12
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-31914
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.04% / 10.79%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 12:11
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible.

Action-Not Available
Vendor-n/aMicrosoft CorporationJetBrains s.r.o.
Product-windowsteamcityn/a
CVE-2021-31897
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.01% / 0.88%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 12:19
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-webstormn/a
CVE-2021-25770
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.02% / 2.27%
||
7 Day CHG~0.00%
Published-03 Feb, 2021 | 15:31
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-youtrackn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-42793
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-9.8||CRITICAL
EPSS-94.58% / 100.00%
||
7 Day CHG~0.00%
Published-19 Sep, 2023 | 16:57
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-10-25||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCityTeamCity
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-48477
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-4.1||MEDIUM
EPSS-0.00% / 0.04%
||
7 Day CHG~0.00%
Published-24 Apr, 2023 | 12:21
Updated-04 Feb, 2025 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing

Action-Not Available
Vendor-JetBrains s.r.o.
Product-hubHub
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-11690
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.01% / 0.21%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 13:52
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-intellij_idean/a
CVE-2022-24340
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.01% / 0.19%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 14:35
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2022-25262
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.03% / 5.51%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 19:59
Updated-03 Aug, 2024 | 04:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Hub before 2022.1.14434, SAML request takeover was possible.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-hubn/a
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2022-25263
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.02% / 3.84%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 19:59
Updated-03 Aug, 2024 | 04:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-45612
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-8.6||HIGH
EPSS-0.00% / 0.18%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 10:20
Updated-19 Sep, 2024 | 13:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE

Action-Not Available
Vendor-JetBrains s.r.o.
Product-ktorKtorktor
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2021-45977
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.01% / 0.21%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 14:36
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-webstormpycharmintellij_ideaphpstormcliongolandrubyminen/a
CVE-2021-43200
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.01% / 0.20%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 14:43
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CVE-2021-43183
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.01% / 0.21%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 14:53
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-hubn/a
CVE-2022-24331
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.01% / 0.23%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 14:35
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CVE-2022-24442
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.02% / 2.50%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 20:01
Updated-03 Aug, 2024 | 04:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-youtrackn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-11796
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.00% / 0.16%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 13:52
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Space through 2020-04-22, the password authentication implementation was insecure.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-spacen/a
CWE ID-CWE-287
Improper Authentication
CVE-2023-34218
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-9.1||CRITICAL
EPSS-0.00% / 0.03%
||
7 Day CHG~0.00%
Published-31 May, 2023 | 13:03
Updated-09 Jan, 2025 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-863
Incorrect Authorization
CVE-2019-18364
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 14.35%
||
7 Day CHG~0.00%
Published-31 Oct, 2019 | 14:54
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-43202
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.01% / 0.20%
||
7 Day CHG~0.00%
Published-30 Nov, 2021 | 15:21
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CVE-2021-43185
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.01% / 0.37%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 14:32
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-youtrackn/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2021-43193
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.01% / 1.79%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 14:49
Updated-04 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CVE-2021-31909
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 35.90%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 11:59
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2024-31136
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-7.4||HIGH
EPSS-0.00% / 0.14%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 15:07
Updated-16 Dec, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCityteamcity
CWE ID-CWE-1288
Improper Validation of Consistency within Input
CVE-2019-15039
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.35% / 56.75%
||
7 Day CHG~0.00%
Published-01 Oct, 2019 | 13:20
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-54154
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-8||HIGH
EPSS-0.10% / 27.81%
||
7 Day CHG+0.01%
Published-04 Dec, 2024 | 11:16
Updated-31 Jan, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox

Action-Not Available
Vendor-JetBrains s.r.o.
Product-youtrackYouTrackyoutrack
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-7904
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.4||HIGH
EPSS-0.00% / 0.07%
||
7 Day CHG~0.00%
Published-30 Jan, 2020 | 17:01
Updated-04 Aug, 2024 | 09:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were accessed via HTTP instead of HTTPS.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-intellij_idean/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2019-12736
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.03% / 5.72%
||
7 Day CHG~0.00%
Published-02 Oct, 2019 | 18:48
Updated-04 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-ktorn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-12157
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.00% / 0.18%
||
7 Day CHG~0.00%
Published-02 Oct, 2019 | 18:51
Updated-04 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityupsourcen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2024-36470
Matching Score-8
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-8
Assigner-JetBrains s.r.o.
CVSS Score-8.1||HIGH
EPSS-0.00% / 0.05%
||
7 Day CHG~0.00%
Published-29 May, 2024 | 13:29
Updated-07 Feb, 2025 | 20:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge cases

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCityteamcity
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-25207
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.03% / 8.19%
||
7 Day CHG~0.00%
Published-16 Nov, 2020 | 15:01
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-toolboxn/a
CVE-2024-56351
Matching Score-6
Assigner-JetBrains s.r.o.
ShareView Details
Matching Score-6
Assigner-JetBrains s.r.o.
CVSS Score-6.3||MEDIUM
EPSS-0.07% / 22.62%
||
7 Day CHG+0.01%
Published-20 Dec, 2024 | 14:11
Updated-02 Jan, 2025 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles

Action-Not Available
Vendor-JetBrains s.r.o.
Product-teamcityTeamCity
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2020-11795
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.00% / 0.08%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 13:52
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains Space through 2020-04-22, the session timeout period was configured improperly.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-spacen/a
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2022-24332
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.00% / 0.10%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 14:35
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2022-24341
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.00% / 0.10%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 14:35
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2020-11688
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.00% / 0.16%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 13:52
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2021-38823
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.38% / 58.43%
||
7 Day CHG~0.00%
Published-04 Oct, 2021 | 13:47
Updated-04 Aug, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an admin account does not invalidate an admin session that is opened in a different browser.

Action-Not Available
Vendor-icehrmn/a
Product-icehrmn/a
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2023-1788
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 22.96%
||
7 Day CHG~0.00%
Published-05 Apr, 2023 | 00:00
Updated-10 Feb, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient Session Expiration in firefly-iii/firefly-iii

Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 6.

Action-Not Available
Vendor-firefly-iiifirefly-iii
Product-firefly_iiifirefly-iii/firefly-iii
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2023-1854
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.05% / 14.04%
||
7 Day CHG~0.00%
Published-05 Apr, 2023 | 07:40
Updated-02 Aug, 2024 | 06:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Graduate Tracer System session expiration

A vulnerability, which was classified as problematic, was found in SourceCodester Online Graduate Tracer System 1.0. Affected is an unknown function of the file admin/. The manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-224994 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-tamparongj_03SourceCodester
Product-online_graduate_tracer_systemOnline Graduate Tracer Systemonline_graduate_tracer_system
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2016-11014
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 62.43%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 00:26
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jnr1010_firmwarejnr1010n/a
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2024-27782
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-7.7||HIGH
EPSS-0.71% / 71.34%
||
7 Day CHG+0.06%
Published-09 Jul, 2024 | 15:33
Updated-16 Aug, 2024 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple insufficient session expiration vulnerabilities [CWE-613] in FortiAIOps version 2.0.0 may allow an attacker to re-use stolen old session tokens to perform unauthorized operations via crafted requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiaiopsFortiAIOpsfortiaiops
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2024-25718
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.11% / 30.73%
||
7 Day CHG~0.00%
Published-11 Feb, 2024 | 00:00
Updated-24 Apr, 2025 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry.

Action-Not Available
Vendor-dropboxn/asamly
Product-samlyn/aelixr
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2022-47406
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.17% / 39.09%
||
7 Day CHG~0.00%
Published-14 Dec, 2022 | 00:00
Updated-21 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed.

Action-Not Available
Vendor-change_password_for_frontend_users_projectn/a
Product-change_password_for_frontend_usersn/a
CWE ID-CWE-613
Insufficient Session Expiration
  • Previous
  • 1
  • 2
  • Next
Details not found