diff --git a/2024/12xxx/CVE-2024-12847.json b/2024/12xxx/CVE-2024-12847.json new file mode 100644 index 00000000000..f7d66b75b61 --- /dev/null +++ b/2024/12xxx/CVE-2024-12847.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-12847", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/56xxx/CVE-2024-56348.json b/2024/56xxx/CVE-2024-56348.json new file mode 100644 index 00000000000..34cb658afa2 --- /dev/null +++ b/2024/56xxx/CVE-2024-56348.json @@ -0,0 +1,83 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-56348", + "ASSIGNER": "security@jetbrains.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863", + "cweId": "CWE-863" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "JetBrains", + "product": { + "product_data": [ + { + "product_name": "TeamCity", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2024.12" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "refsource": "MISC", + "name": "https://www.jetbrains.com/privacy-security/issues-fixed/" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + } + ] + } +} \ No newline at end of file diff --git a/2024/56xxx/CVE-2024-56349.json b/2024/56xxx/CVE-2024-56349.json new file mode 100644 index 00000000000..6d5bfbe3eb4 --- /dev/null +++ b/2024/56xxx/CVE-2024-56349.json @@ -0,0 +1,83 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-56349", + "ASSIGNER": "security@jetbrains.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "JetBrains", + "product": { + "product_data": [ + { + "product_name": "TeamCity", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2024.12" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "refsource": "MISC", + "name": "https://www.jetbrains.com/privacy-security/issues-fixed/" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + } + ] + } +} \ No newline at end of file diff --git a/2024/56xxx/CVE-2024-56350.json b/2024/56xxx/CVE-2024-56350.json new file mode 100644 index 00000000000..59984710be5 --- /dev/null +++ b/2024/56xxx/CVE-2024-56350.json @@ -0,0 +1,83 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-56350", + "ASSIGNER": "security@jetbrains.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863", + "cweId": "CWE-863" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "JetBrains", + "product": { + "product_data": [ + { + "product_name": "TeamCity", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2024.12" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "refsource": "MISC", + "name": "https://www.jetbrains.com/privacy-security/issues-fixed/" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + } + ] + } +} \ No newline at end of file diff --git a/2024/56xxx/CVE-2024-56351.json b/2024/56xxx/CVE-2024-56351.json new file mode 100644 index 00000000000..c37d74f92a4 --- /dev/null +++ b/2024/56xxx/CVE-2024-56351.json @@ -0,0 +1,83 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-56351", + "ASSIGNER": "security@jetbrains.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-613", + "cweId": "CWE-613" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "JetBrains", + "product": { + "product_data": [ + { + "product_name": "TeamCity", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2024.12" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "refsource": "MISC", + "name": "https://www.jetbrains.com/privacy-security/issues-fixed/" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + } + ] + } +} \ No newline at end of file diff --git a/2024/56xxx/CVE-2024-56352.json b/2024/56xxx/CVE-2024-56352.json new file mode 100644 index 00000000000..b8b6fe8a201 --- /dev/null +++ b/2024/56xxx/CVE-2024-56352.json @@ -0,0 +1,83 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-56352", + "ASSIGNER": "security@jetbrains.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "JetBrains", + "product": { + "product_data": [ + { + "product_name": "TeamCity", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2024.12" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "refsource": "MISC", + "name": "https://www.jetbrains.com/privacy-security/issues-fixed/" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" + } + ] + } +} \ No newline at end of file diff --git a/2024/56xxx/CVE-2024-56353.json b/2024/56xxx/CVE-2024-56353.json new file mode 100644 index 00000000000..6043ef2c443 --- /dev/null +++ b/2024/56xxx/CVE-2024-56353.json @@ -0,0 +1,83 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-56353", + "ASSIGNER": "security@jetbrains.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-212", + "cweId": "CWE-212" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "JetBrains", + "product": { + "product_data": [ + { + "product_name": "TeamCity", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2024.12" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "refsource": "MISC", + "name": "https://www.jetbrains.com/privacy-security/issues-fixed/" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" + } + ] + } +} \ No newline at end of file diff --git a/2024/56xxx/CVE-2024-56354.json b/2024/56xxx/CVE-2024-56354.json new file mode 100644 index 00000000000..1790e74fe4b --- /dev/null +++ b/2024/56xxx/CVE-2024-56354.json @@ -0,0 +1,83 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-56354", + "ASSIGNER": "security@jetbrains.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-522", + "cweId": "CWE-522" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "JetBrains", + "product": { + "product_data": [ + { + "product_name": "TeamCity", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2024.12" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "refsource": "MISC", + "name": "https://www.jetbrains.com/privacy-security/issues-fixed/" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" + } + ] + } +} \ No newline at end of file diff --git a/2024/56xxx/CVE-2024-56355.json b/2024/56xxx/CVE-2024-56355.json new file mode 100644 index 00000000000..e5f0862d0ef --- /dev/null +++ b/2024/56xxx/CVE-2024-56355.json @@ -0,0 +1,83 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-56355", + "ASSIGNER": "security@jetbrains.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "JetBrains", + "product": { + "product_data": [ + { + "product_name": "TeamCity", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2024.12" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "refsource": "MISC", + "name": "https://www.jetbrains.com/privacy-security/issues-fixed/" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" + } + ] + } +} \ No newline at end of file diff --git a/2024/56xxx/CVE-2024-56356.json b/2024/56xxx/CVE-2024-56356.json new file mode 100644 index 00000000000..eea2ac9e65a --- /dev/null +++ b/2024/56xxx/CVE-2024-56356.json @@ -0,0 +1,83 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2024-56356", + "ASSIGNER": "security@jetbrains.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611", + "cweId": "CWE-611" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "JetBrains", + "product": { + "product_data": [ + { + "product_name": "TeamCity", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2024.12" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "refsource": "MISC", + "name": "https://www.jetbrains.com/privacy-security/issues-fixed/" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N" + } + ] + } +} \ No newline at end of file