{"vulnerability": "CVE-2022-2433", "sightings": [{"uuid": "116e8cd3-2bce-4b50-bd3d-30c74645c37c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24336", "type": "seen", "source": "https://t.me/cibsecurity/38105", "content": "\u203c CVE-2022-24336 \u203c\n\nIn JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-25T18:21:15.000000Z"}, {"uuid": "5fad9382-a2c4-42fb-825a-1d1e2ae0c0b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24330", "type": "seen", "source": "https://t.me/cibsecurity/38102", "content": "\u203c CVE-2022-24330 \u203c\n\nIn JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-25T18:21:07.000000Z"}, {"uuid": "64ae8d4c-46f8-411c-88e7-a29e791f8030", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24339", "type": "seen", "source": "https://t.me/cibsecurity/38093", "content": "\u203c CVE-2022-24339 \u203c\n\nJetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-25T18:20:47.000000Z"}, {"uuid": "2bdbedaa-edfb-411a-9af8-fe30243fb01f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24338", "type": "seen", "source": "https://t.me/cibsecurity/38090", "content": "\u203c CVE-2022-24338 \u203c\n\nJetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-25T18:20:40.000000Z"}, {"uuid": "083a2adb-7f5e-4374-a256-4bb5cb35e0ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24334", "type": "seen", "source": "https://t.me/cibsecurity/38089", "content": "\u203c CVE-2022-24334 \u203c\n\nIn JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-25T18:20:39.000000Z"}, {"uuid": "7e32f5f2-76e4-4225-8177-94bc971b5205", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24333", "type": "seen", "source": "https://t.me/cibsecurity/38103", "content": "\u203c CVE-2022-24333 \u203c\n\nIn JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-25T18:21:11.000000Z"}, {"uuid": "338cad26-3e58-4e50-a1e1-7060318207b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24337", "type": "seen", "source": "https://t.me/cibsecurity/38100", "content": "\u203c CVE-2022-24337 \u203c\n\nIn JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-25T18:21:02.000000Z"}, {"uuid": "6d722e15-68a2-4a37-8178-74b9b1f5e54d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24331", "type": "seen", "source": "https://t.me/cibsecurity/38098", "content": "\u203c CVE-2022-24331 \u203c\n\nIn JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-25T18:20:59.000000Z"}, {"uuid": "5004d43c-3d68-4bdd-8e3b-0c13770b3d2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24332", "type": "seen", "source": "https://t.me/cibsecurity/38096", "content": "\u203c CVE-2022-24332 \u203c\n\nIn JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-25T18:20:54.000000Z"}, {"uuid": "9c0a3829-939a-4620-a51e-f0e73a490f6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24335", "type": "seen", "source": "https://t.me/cibsecurity/38107", "content": "\u203c CVE-2022-24335 \u203c\n\nJetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-25T18:21:18.000000Z"}]}