Jetbrains: >> Teamcity >> 2.0 Security Vulnerabilities
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.
CVSS Score
8.8
EPSS Score
0.0
Published
2020-08-08
In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have.
CVSS Score
4.3
EPSS Score
0.0
Published
2020-08-08
In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions.
CVSS Score
6.5
EPSS Score
0.0
Published
2020-08-08
In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-08-08
JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI.
CVSS Score
6.1
EPSS Score
0.0
Published
2020-08-08
JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI.
CVSS Score
6.1
EPSS Score
0.0
Published
2020-08-08
In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings.
CVSS Score
2.7
EPSS Score
0.0
Published
2020-04-22
In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-04-22
In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-04-22
In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.
CVSS Score
6.5
EPSS Score
0.0
Published
2020-04-22