Jetbrains: >> Teamcity >> 2.0 Security Vulnerabilities
JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.
CVSS Score
5.4
EPSS Score
0.0
Published
2020-01-30
In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS.
CVSS Score
6.1
EPSS Score
0.0
Published
2020-01-30
In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages.
CVSS Score
4.3
EPSS Score
0.0
Published
2020-01-30
In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-01-30
In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-31
In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages.
CVSS Score
4.3
EPSS Score
0.0
Published
2019-10-31
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-31
In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-31
In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.
CVSS Score
9.8
EPSS Score
0.0
Published
2019-10-31
In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.
CVSS Score
9.8
EPSS Score
0.0
Published
2019-10-02