102 matches found
CVE-2024-8810
A GitHub App installed in organizations could upgrade some permissions from read to write access without approval from an organization administrator. An attacker would require an account with administrator access to install a malicious GitHub App. This vulnerability affected all versions of GitHu...
GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges
GitHub has released fixes to address a set of three security flaws impacting its Enterprise Server product, including one critical bug that could be abused to gain site administrator privileges. The most severe of the shortcomings has been assigned the CVE identifier CVE-2024-6800, and carries a...
CVE-2024-6337 Incorrect Authorization allows read access to issues in GitHub Enterprise Server
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content inside a private repository. This was only exploitable via user access token and installation access...
The vulnerability of the CI/CD system’s registration data protection mechanism in TeamCity allows unauthorized access to closed keys by attackers.
The vulnerability of the Continuous Integration and Deployment Application Delivery system CI/CD of TeamCity in JetBrains is related to insufficient protection for registration data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to th...
CVE-2024-5816
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a suspended GitHub App to retain access to the repository via a scoped user access token. This was only exploitable in public repositories while private repositories were not impacted. This...
CVE-2024-5816 Improper authorization allows persistent access in GitHub Enterprise Server
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a suspended GitHub App to retain access to the repository via a scoped user access token. This was only exploitable in public repositories while private repositories were not impacted. This...
CVE-2024-5816
CVE-2024-5816 – GitHub Enterprise Server : An Incorrect Authorization flaw allows a suspended GitHub App to retain access to repositories via a scoped user access token. Impact is limited to public repositories; private repos are not affected. Affected: all GitHub Enterprise Server versions prior...
JetBrains TeamCity < 2024.03.3 Multiple Vulnerabilities
The version of JetBrains TeamCity installed on the remote host is prior to 2024.03.3. It is, therefore, affected by multiple vulnerabilities as referenced in the vendor advisory. - In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection CVE-2024-39878...
JetBrains TeamCity Private Key Information Disclosure Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from an information...
CVE-2024-39878
In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection...
CVE-2024-39878
JetBrains TeamCity prior to 2024.03.3 is affected by CVE-2024-39878, where a private key could be exposed via testing GitHub App Connection. Publicly documented details indicate the issue stems from insufficient protection of registration data, enabling potential disclosure of private keys. Red H...
JetBrains TeamCity Security Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from an information...
PT-2024-4827 · Jetbrains · Teamcity
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2024.03.3 Description: The issue is related to insufficient protection of registration data in the continuous integration and delivery CI/CD system, allowing a remote attacker to gain unauthorized access t...
TeamCity Server < 2024.3.1 Multiple Vulnerabilities
According to its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2024.3.1. It is, therefore, affected by multiple vulnerabilities: - several stored XSS in the available updates page are possible. CVE-2024-35300 - Commit status...
CVE-2024-35301
In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token...