Jetbrains: >> Teamcity Security Vulnerabilities
In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages.
CVSS Score
4.3
EPSS Score
0.0
Published
2020-01-30
In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-01-30
In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-31
In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages.
CVSS Score
4.3
EPSS Score
0.0
Published
2019-10-31
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-31
In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-10-31
In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.
CVSS Score
9.8
EPSS Score
0.0
Published
2019-10-31
An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1.
CVSS Score
7.2
EPSS Score
0.0
Published
2019-10-02
An issue was discovered in JetBrains TeamCity 2018.2.4. It had several XSS vulnerabilities on the settings pages. The issues were fixed in TeamCity 2019.1.
CVSS Score
6.1
EPSS Score
0.0
Published
2019-10-02
In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.
CVSS Score
9.8
EPSS Score
0.0
Published
2019-10-02