In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.
Max CVSS
5.3
EPSS Score
0.08%
Published
2019-10-31
Updated
2019-11-04
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.
Max CVSS
5.3
EPSS Score
0.08%
Published
2019-10-31
Updated
2019-11-04
In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages.
Max CVSS
4.3
EPSS Score
0.08%
Published
2019-10-31
Updated
2019-11-07
In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.
Max CVSS
9.8
EPSS Score
1.28%
Published
2019-10-31
Updated
2019-11-01
In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances.
Max CVSS
5.3
EPSS Score
0.08%
Published
2019-10-31
Updated
2021-07-21
JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user.
Max CVSS
6.1
EPSS Score
0.14%
Published
2019-09-05
Updated
2019-09-18
An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1.
Max CVSS
7.5
EPSS Score
0.08%
Published
2019-10-01
Updated
2019-10-07
An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.
Max CVSS
9.8
EPSS Score
16.94%
Published
2019-10-01
Updated
2020-08-24
An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1.
Max CVSS
7.5
EPSS Score
0.08%
Published
2019-10-01
Updated
2020-08-24
An issue was discovered in JetBrains TeamCity 2018.2.4. It had several XSS vulnerabilities on the settings pages. The issues were fixed in TeamCity 2019.1.
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-10-02
Updated
2019-10-03
An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1.
Max CVSS
9.0
EPSS Score
0.17%
Published
2019-10-02
Updated
2019-10-03
An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1.
Max CVSS
4.9
EPSS Score
0.07%
Published
2019-10-01
Updated
2021-07-21
A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2.
Max CVSS
4.3
EPSS Score
0.05%
Published
2019-07-03
Updated
2020-08-24
The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3.
Max CVSS
5.3
EPSS Score
0.08%
Published
2019-07-03
Updated
2020-08-24
A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.3.
Max CVSS
6.1
EPSS Score
0.11%
Published
2019-07-03
Updated
2020-08-24
A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3.
Max CVSS
6.1
EPSS Score
0.11%
Published
2019-07-03
Updated
2020-08-24
A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.2.
Max CVSS
6.1
EPSS Score
0.08%
Published
2019-07-03
Updated
2019-07-05
Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. The issue was fixed in TeamCity 2018.2.2.
Max CVSS
7.5
EPSS Score
0.08%
Published
2019-07-03
Updated
2019-07-09
In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.
Max CVSS
10.0
EPSS Score
0.21%
Published
2019-10-02
Updated
2021-01-26
19 vulnerabilities found