Jetbrains: >> Teamcity >> 2019.1.1 Security Vulnerabilities
In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages.
CVSS Score
4.3
EPSS Score
0.0
Published
2020-01-30
In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-01-30
In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-31
In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages.
CVSS Score
4.3
EPSS Score
0.0
Published
2019-10-31
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-31
In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-31
In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.
CVSS Score
9.8
EPSS Score
0.0
Published
2019-10-31
JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user.
CVSS Score
6.1
EPSS Score
0.0
Published
2019-09-05
Page 22