{"vulnerability": "cve-2024-36365", "sightings": [{"uuid": "b7d636dd-89cd-455c-a57d-1e933271bc87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-36365", "type": "seen", "source": "Telegram/DASdBAzd_yFqiCt-TEWD5i84DOJh0xCyfOR9Q_3VL29Y", "content": "", "creation_timestamp": "2024-05-29T18:53:28.000000Z"}, {"uuid": "39cbb092-fd8e-4b4d-a56d-308878c7fd66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-36365", "type": "seen", "source": "https://t.me/DARK_SPOT_TEAM/581", "content": "\ud83d\udea8 CVE-2024-36362\nIn JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5, 2024.03.2 path traversal allowing to read files from server was possible\n\n\ud83d\udea8 CVE-2024-36363\nIn JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5 several Stored XSS in code inspection reports were possible\n\n\n\n\ud83d\udea8 CVE-2024-36364\nIn JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible\n\n\n\n\ud83d\udea8 CVE-2024-36365\nIn JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5, 2024.03.2 a third-party agent could impersonate a cloud agent\n\n\n\n\ud83d\udea8 CVE-2024-36366\nIn JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5 an XSS could be executed via certain report grouping and filtering operations\n\n\n\n\ud83d\udea8 CVE-2024-36367\nIn JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5 stored XSS via third-party reports was possible\n\n\n\n\ud83d\udea8 CVE-2024-36368\nIn JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5 reflected XSS via OAuth provider configuration was possible\n\n\n\n\ud83d\udea8 CVE-2024-36369\nIn JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5 stored XSS via issue tracker integration was possible\n\n\n\n\ud83d\udea8 CVE-2024-36370\nIn JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5 stored XSS via OAuth connection settings was possible\n\n\n\ud83d\udea8 CVE-2024-36371\nIn JetBrains TeamCity before 2023.05.5, 2023.11.5 stored XSS in Commit status publisher was possible\n\n\n\ud83d\udea8 CVE-2024-36372\nIn JetBrains TeamCity before 2023.05.5 reflected XSS on the subscriptions page was possible\n\n\n\ud83d\udea8 CVE-2024-36373\nIn JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible", "creation_timestamp": "2024-05-29T18:53:28.000000Z"}, {"uuid": "106532ba-1af2-4435-9714-cd29ca813734", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-36365", "type": "seen", "source": "https://t.me/ZeroEthical_Course/320", "content": "\ud83d\udea8 CVE-2024-36362\nIn JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5, 2024.03.2 path traversal allowing to read files from server was possible\n\n\ud83d\udea8 CVE-2024-36363\nIn JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5 several Stored XSS in code inspection reports were possible\n\n\n\n\ud83d\udea8 CVE-2024-36364\nIn JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible\n\n\n\n\ud83d\udea8 CVE-2024-36365\nIn JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5, 2024.03.2 a third-party agent could impersonate a cloud agent\n\n\n\n\ud83d\udea8 CVE-2024-36366\nIn JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5 an XSS could be executed via certain report grouping and filtering operations\n\n\n\n\ud83d\udea8 CVE-2024-36367\nIn JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5 stored XSS via third-party reports was possible\n\n\n\n\ud83d\udea8 CVE-2024-36368\nIn JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5 reflected XSS via OAuth provider configuration was possible\n\n\n\n\ud83d\udea8 CVE-2024-36369\nIn JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5 stored XSS via issue tracker integration was possible\n\n\n\n\ud83d\udea8 CVE-2024-36370\nIn JetBrains TeamCity before 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5 stored XSS via OAuth connection settings was possible\n\n\n\ud83d\udea8 CVE-2024-36371\nIn JetBrains TeamCity before 2023.05.5, 2023.11.5 stored XSS in Commit status publisher was possible\n\n\n\ud83d\udea8 CVE-2024-36372\nIn JetBrains TeamCity before 2023.05.5 reflected XSS on the subscriptions page was possible\n\n\n\ud83d\udea8 CVE-2024-36373\nIn JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible\n\n\ud83d\udcda ZeroEthical Course \ud83d\udc8e", "creation_timestamp": "2024-06-05T05:59:45.000000Z"}]}