Exploit for Server-Side Request Forgery in Jetbrains Teamcity

TeamCity IntelliJ IDEA Plugin credential interception CVE-20...

CVE-2021-26309

Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had Insecure Permissions...

GHSA-4X6G-3CMX-W76R Snyk plugins vulnerable to Command Injection

The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin...

Snyk CLI affected by Command Injection vulnerability

Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in...

GHSA-HPQJ-7CJ6-HFJ8 Snyk CLI affected by Command Injection vulnerability

Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in...

CVE-2022-40764

Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in...

CVE-2022-40764

Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in...

Command injection

Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in...

CVE-2022-40764

CVE-2022-40764 affects Snyk CLI and related IDE plugins; before 1.996.0, it allowed arbitrary command execution, potentially via viewing untrusted files in VS Code. The original demonstration involved shell metacharacters in the vendor.json ignore field, affecting snyk-go-plugin before 1.19.1 and...

CVE-2022-40764

Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in...

PT-2022-25524 · Snyk +1 · Snyk-Go-Plugin +5

Name of the Vulnerable Software and Affected Versions: Snyk CLI versions prior to 1.996.0 snyk-go-plugin versions prior to 1.19.1 Snyk TeamCity plugin versions prior to 20220930.142957 Description: The issue allows for arbitrary command execution, affecting Snyk IDE plugins and the snyk npm...

Command Injection

Overview snyk-gradle-plugin is a plugin for the Snyk CLI tool, providing dependency metadata for Gradle projects. Affected versions of this package are vulnerable to Command Injection due to an incomplete fix for CVE-2022-40764. A successful exploit allows attackers to run arbitrary commands on t...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection due to an incomplete fix for CVE-2022-40764. A successful exploit allows attackers to run arbitrary commands on the host system where the Snyk CLI is installed by passing in crafted command line flags. In order to...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection due to an incomplete fix for CVE-2022-40764. A successful exploit allows attackers to run arbitrary commands on the host system where the Snyk CLI is installed by passing in crafted command line flags. In order to...

JetBrains TeamCity Plugin Changed Permission Check Implementation Error Vulnerability

TeamCity is a Java-based build management and continuous integration server from JetBrains. A vulnerability exists in JetBrains TeamCity versions prior to 2020.2.2 in the implementation error of permission checking for plugin changes. No detailed vulnerability details are provided at this time...

CVE-2021-26309

Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had Insecure Permissions...

CVE-2021-26309

Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had Insecure Permissions...

CVE-2021-26309

Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had Insecure Permissions...

CVE-2021-26309

CVE-2021-26309 is an information-disclosure vulnerability affecting the JetBrains TeamCity IntelliJ plugin prior to 2020.2.2.85899. The root cause is insecure permissions on a local temporary file, enabling an information-disclosure scenario. The Red Hat, NVD, CNVD, and CVE-listed records corrobo...

CVE-2021-26310

In the TeamCity IntelliJ plugin before 2020.2.2.85899, DoS was possible...