CVE-2024-47951
Published 2024-10-08
CVE-2024-47951: In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings
Priority P4 · 27 · medium · 5.4 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS: 1.43% (69.7th percentile)
In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jetbrains | teamcity | < 2024.07.3 | 2024.07.3 |
| openstack | nova | 0 – 27.4.0 | — |
| openstack | nova | 28.0.0 – 28.2.0 | — |
| openstack | nova | 29.0.0 – 29.1.0 | — |
CVSS provenance
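| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| ghsa | — | 5.7 | MEDIUM | — |
| vendor_redhat | — | 5.7 | MEDIUM | — |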
GHSA
GHSA-r66g-ppwv-4vgw: In JetBrains TeamCity before 2024
ghsa_unreviewed·2024-10-08
CVE-2024-47951 [LOW] CWE-79 GHSA-r66g-ppwv-4vgw: In JetBrains TeamCity before 2024
In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings
GHSA
OpenStack Nova vulnerable to unauthorized access to potentially sensitive data
ghsa·2024-07-24·CVSS 5.7
CVE-2024-40767 [MEDIUM] CWE-436 OpenStack Nova vulnerable to unauthorized access to potentially sensitive data
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 and CVE-2024-32498.
Red Hat
openstack-nova: Regression VMDK/qcow arbitrary file access
vendor_redhat·2024-07-23·CVSS 5.7
CVE-2024-40767 [MEDIUM] CWE-552 openstack-nova: Regression VMDK/qcow arbitrary file access
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 and CVE-2024-32498.
An arbitrary file access flaw was found in Nova. By supplying a RAW format image, a specially crafted QCOW2 image with a backing file path, or a VMDK flat image with a descriptor file path, an authenticated user may conv
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-10-08
Published