Jetbrains: >> Teamcity >> 9.1.4 Security Vulnerabilities
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-31
In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-31
In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.
CVSS Score
9.8
EPSS Score
0.0
Published
2019-10-31
In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.
CVSS Score
9.8
EPSS Score
0.0
Published
2019-10-02
Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. The issue was fixed in TeamCity 2018.2.2.
CVSS Score
7.5
EPSS Score
0.0
Published
2019-07-03
A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.2.
CVSS Score
6.1
EPSS Score
0.0
Published
2019-07-03
A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3.
CVSS Score
6.1
EPSS Score
0.0
Published
2019-07-03
A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.3.
CVSS Score
6.1
EPSS Score
0.0
Published
2019-07-03
The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-07-03
A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2.
CVSS Score
4.3
EPSS Score
0.0
Published
2019-07-03