70 matches found
EUVD-2026-40442
Capgo before 12.128.2 lacks an UPDATE row-level security policy for the buildrequests table, preventing API-key and anonymous access from persisting builder status updates. Attackers can exploit this missing policy to cause build status and error details to remain unpersisted, leaving buildreques...
CVE-2026-56229
Capgo before 12.128.2 contains an authorization bypass vulnerability in the /build/status and /build/logs endpoints that allows attackers to access build jobs belonging to different applications by supplying a mismatched appid and jobid combination. Limited API keys restricted to a single app can...
CVE-2026-56229 Capgo - Cross-App Build Job Access via app_id/job_id Mismatch in /build/status and /build/logs
Capgo before 12.128.2 contains an authorization bypass vulnerability in the /build/status and /build/logs endpoints that allows attackers to access build jobs belonging to different applications by supplying a mismatched appid and jobid combination. Limited API keys restricted to a single app can...
EUVD-2026-38164
Capgo before 12.128.2 contains an authorization bypass vulnerability in the /build/status and /build/logs endpoints that allows attackers to access build jobs belonging to different applications by supplying a mismatched appid and jobid combination. Limited API keys restricted to a single app can...
CVE-2026-56229
Capgo before 12.128.2 contains an authorization bypass vulnerability in the /build/status and /build/logs endpoints that allows attackers to access build jobs belonging to different applications by supplying a mismatched appid and jobid combination. Limited API keys restricted to a single app can...
CVE-2026-56229
Capgo before 12.128.2 has an authorization bypass in /build/status and /build/logs that lets an attacker access build jobs from other apps by mixing app_id and job_id. Limited API keys scoped to one app can read status/logs across apps by using an authorized app_id with a job_id from another app,...
PT-2026-51218
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An authorization bypass exists in the '/build/status' and '/build/logs' endpoints. Attackers can access build jobs belonging to different applications by providing a mismatched app id and job id...
CVE-2026-10276
A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component getbuildstatus/getbuildlog/triggerbuild. Such manipulation leads to server-side request forgery. The attack may be performed from remote. T...
CVE-2026-49372
In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible...
JetBrains TeamCity < 2025.11.5 Multiple Vulnerabilities
The version of JetBrains TeamCity installed on the remote host is prior to 2025.11.5. It is, therefore, affected by multiple vulnerabilities: - In JetBrains TeamCity before 2026.1, 2025.11.5 authenticated users could expose server API to unauthorised access CVE-2026-44413 - In JetBrains TeamCity...
CVE-2026-10276 hekmon8 Jenkins-server-mcp get_build_status/get_build_log/trigger_build index.ts jobPath server-side request forgery
A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component getbuildstatus/getbuildlog/triggerbuild. Such manipulation leads to server-side request forgery. The attack may be performed from remote. T...
CVE-2026-49372
In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible...
CVE-2026-49372
In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible...
CVE-2026-49372
In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible...
EUVD-2026-33380
In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible...
CVE-2026-49372
In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible...
CVE-2026-49372
CVE-2026-49372 affects JetBrains TeamCity prior to 2026.1, with an unauthenticated SSRF via build status disclosed (noted as of 2025.11.5). The available sources confirm the vulnerability class (SSRF) and the affected product/version window, but do not provide patch details or remediation steps i...
PT-2026-44952
Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2026.1 JetBrains TeamCity version 2025.11.5 Description An unauthenticated Server-Side Request Forgery SSRF is possible via the build status. SSRF is a flaw that allows an attacker to induce the server-side...
EUVD-2012-1131
Malware in sbrugna...
EUVD-2019-15045
Malware in sbrugna...