EUVD-2024-25304

Malicious code in bioql PyPI...

CVE-2024-28174

In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly...

CVE-2024-24936

In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed...

GHSA-5XR6-XHWW-33M4 Artifact poisoning vulnerability in action-download-artifact v5 and earlier

Summary In versions of dawidd6/action-download-artifact before v6, a repository's forks were also searched by default when attempting to find matching artifacts. This could be exploited by an unprivileged attacker to introduce compromised artifacts such as malicious executables into a privileged...

Artifact poisoning vulnerability in action-download-artifact v5 and earlier

Summary In versions of dawidd6/action-download-artifact before v6, a repository's forks were also searched by default when attempting to find matching artifacts. This could be exploited by an unprivileged attacker to introduce compromised artifacts such as malicious executables into a privileged...

JetBrains TeamCity Authorization Issues Vulnerability

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity has an authorization issue...

CVE-2024-28174

In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly...

Code injection

In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly...

CVE-2024-28174

In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly...

CVE-2024-28174

CVE-2024-28174 affects JetBrains TeamCity (pre-2023.11.4) via the S3 Artifact Storage plugin. The root cause is improper authorization of presigned URL generation requests, allowing a remote attacker to bypass existing security restrictions. The public descriptions consistently state the issue af...

CVE-2024-28174

In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly...

JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity has an authorization issue...

PT-2024-2098 · Jetbrains · Teamcity

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2023.11.4 Description: The issue is related to improper authorization of presigned URL generation requests in the S3 Artifact Storage plugin. This could allow a remote attacker to bypass existing security...

TeamCity Server < 2023.11.2 Multiple Vulnerabilities

According to its its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2023.11.2. It is, therefore, affected by multiple vulnerabilities: - Access control at the S3 Artifact Storage plugin endpoint was missed CVE-2024-24936 - Stored X...

CVE-2024-24936

In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed...

CVE-2024-24936

In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed...

Code injection

In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed...

CVE-2024-24936

In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed...

CVE-2024-24936

In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed...

CVE-2024-24936

JetBrains TeamCity Server prior to 2023.11.2 is affected by CVE-2024-24936 due to missing access control at the S3 Artifact Storage plugin endpoint. The vulnerability allows unauthorized access at that endpoint (root cause: improper access control). A patch is available: upgrade to 2023.11.2 or l...