CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In October 2019

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 1 | CVE-2019-18657 | 74 | | | 2019-10-31 | 2019-11-06 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function.
| 2 | CVE-2019-18656 | 79 | | XSS | 2019-10-31 | 2019-11-01 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBundle/Resources/public/js/pimcore/settings/translations.js mishandles certain HTML elements.
| 3 | CVE-2019-18645 | 59 | | | 2019-10-31 | 2020-08-24 | 2.1 | None | Local | Low | Not required | None | Partial | None |
The quarantine restoration function in Total Defense Anti-virus 11.5.2.28 is vulnerable to symbolic link attacks, allowing files to be written to privileged directories.
| 4 | CVE-2019-18644 | 367 | | | 2019-10-31 | 2019-11-01 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial |
The malware scan function in Total Defense Anti-virus 11.5.2.28 is vulnerable to a TOCTOU bug; consequently, symbolic link attacks allow privileged files to be deleted.
| 5 | CVE-2019-18635 | 476 | | | 2019-10-30 | 2019-11-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An issue was discovered in Mooltipass Moolticute through v0.42.1 and v0.42.x-testing through v0.42.5-testing. There is a NULL pointer dereference in MPDevice_win.cpp.
| 6 | CVE-2019-18633 | 295 | | | 2019-10-30 | 2019-11-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate Validation because a certain ExplicitKeyTrustEvaluator return value is not checked. NOTE: only 2.1 is confirmed to be affected.
| 7 | CVE-2019-18632 | 295 | | | 2019-10-30 | 2019-11-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because an attacker can sign a manipulated SAML response with a forged certificate.
| 8 | CVE-2019-18624 | 20 | | Bypass | 2019-10-29 | 2021-07-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (aka Right to Left Override) approach, as demonstrated by misinterpretation of malicious%E2%80%AEtxt.apk as maliciouskpa.txt. This affects 44.1.2254.142553, 44.1.2254.142659, and 44.1.2254.143214.
| 9 | CVE-2019-18612 | 200 | | +Info | 2019-10-29 | 2019-10-31 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Previously hidden (restricted) AbuseFilter filters were viewable (or their differences were viewable) to unprivileged users, thus disclosing potentially sensitive information.
| 10 | CVE-2019-18611 | 200 | | +Info | 2019-10-29 | 2019-10-31 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been able to view these oversighted edit summaries via the MediaWiki API.
| 11 | CVE-2019-18608 | 20 | | | 2019-10-29 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
Cezerin v0.33.0 allows unauthorized order-information modification because certain internal attributes can be overwritten via a conflicting name when processing order requests. Hence, a malicious customer can manipulate an order (e.g., its payment status or shipping fee) by adding additional attributes to user-input during the PUT /ajax/cart operation for a checkout, because of getValidDocumentForUpdate in api/server/services/orders/orders.js.
| 12 | CVE-2019-18604 | | | | 2019-10-29 | 2023-05-31 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled.
| 13 | CVE-2019-18603 | 908 | | +Info | 2019-10-29 | 2022-01-01 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer.
| 14 | CVE-2019-18602 | 908 | | | 2019-10-29 | 2022-01-01 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer.
| 15 | CVE-2019-18601 | 502 | | DoS | 2019-10-29 | 2019-11-06 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler.
| 16 | CVE-2019-18466 | 59 | | | 2019-10-28 | 2020-01-15 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial |
An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host.
| 17 | CVE-2019-18465 | 306 | | | 2019-10-31 | 2019-11-04 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
In Progress MOVEit Transfer 11.1 before 11.1.3, a vulnerability has been found that could allow an attacker to sign in without full credentials via the SSH (SFTP) interface. The vulnerability affects only certain SSH (SFTP) configurations, and is applicable only if the MySQL database is being used.
| 18 | CVE-2019-18464 | 89 | | Sql | 2019-10-31 | 2019-11-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
In Progress MOVEit Transfer 10.2 before 10.2.6 (2018.3), 11.0 before 11.0.4 (2019.0.4), and 11.1 before 11.1.3 (2019.1.3), multiple SQL Injection vulnerabilities have been found in the REST API that could allow an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database or may be able to alter the database.
| 19 | CVE-2019-18425 | 269 | | +Priv | 2019-10-31 | 2023-03-29 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x86 PV emulation. When emulating certain PV guest operations, descriptor table accesses are performed by the emulating code. Such accesses should respect the guest specified limits, unless otherwise guaranteed to fail in such a case. Without this, emulation of 32-bit guest user mode calls through call gates would allow guest user mode to install and then use descriptors of their choice, as long as the guest kernel did not itself install an LDT. (Most OSes don't install any LDT by default). 32-bit PV guest user mode can elevate its privileges to that of the guest kernel. Xen versions from at least 3.2 onwards are affected. Only 32-bit PV guest user mode can leverage this vulnerability. HVM, PVH, as well as 64-bit PV guests cannot leverage this vulnerability. Arm systems are unaffected.
| 20 | CVE-2019-18424 | 78 | | +Priv | 2019-10-31 | 2023-03-29 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passed through PCI devices may corrupt host memory after deassignment. When a PCI device is assigned to an untrusted domain, it is possible for that domain to program the device to DMA to an arbitrary address. The IOMMU is used to protect the host from malicious DMA by making sure that the device addresses can only target memory assigned to the guest. However, when the guest domain is torn down, or the device is deassigned, the device is assigned back to dom0, thus allowing any in-flight DMA to potentially target critical host data. An untrusted domain with access to a physical device can DMA into host memory, leading to privilege escalation. Only systems where guests are given direct access to physical devices capable of DMA (PCI pass-through) are vulnerable. Systems which do not use PCI pass-through are not vulnerable.
| 21 | CVE-2019-18423 | 193 | | DoS | 2019-10-31 | 2023-03-29 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete |
An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEM_add_to_physmap hypercall. p2m->max_mapped_gfn is used by the functions p2m_resolve_translation_fault() and p2m_get_entry() to sanity check guest physical frame. The rest of the code in the two functions will assume that there is a valid root table and check that with BUG_ON(). The function p2m_get_root_pointer() will ignore the unused top bits of a guest physical frame. This means that the function p2m_set_entry() will alias the frame. However, p2m->max_mapped_gfn will be updated using the original frame. It would be possible to set p2m->max_mapped_gfn high enough to cover a frame that would lead p2m_get_root_pointer() to return NULL in p2m_get_entry() and p2m_resolve_translation_fault(). Additionally, the sanity check on p2m->max_mapped_gfn is off-by-one allowing "highest mapped + 1" to be considered valid. However, p2m_get_root_pointer() will return NULL. The problem could be triggered with a specially crafted hypercall XENMEM_add_to_physmap{, _batch} followed by an access to an address (via hypercall or direct access) that passes the sanity check but cause p2m_get_root_pointer() to return NULL. A malicious guest administrator may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen version 4.8 and newer are vulnerable. Only Arm systems are vulnerable. x86 systems are not affected.
| 22 | CVE-2019-18422 | 732 | | DoS +Priv | 2019-10-31 | 2023-02-03 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete |
An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditionally unmasked in exception handlers. When an exception occurs on an ARM system which is handled without changing processor level, some interrupts are unconditionally enabled during exception entry. So exceptions which occur when interrupts are masked will effectively unmask the interrupts. A malicious guest might contrive to arrange for critical Xen code to run with interrupts erroneously enabled. This could lead to data corruption, denial of service, or possibly even privilege escalation. However a precise attack technique has not been identified.
| 23 | CVE-2019-18421 | 362 | | +Priv | 2019-10-31 | 2023-03-29 | 7.1 | None | Remote | High | ??? | Complete | Complete | Complete |
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. There are issues with restartable PV type change operations. To avoid using shadow pagetables for PV guests, Xen exposes the actual hardware pagetables to the guest. In order to prevent the guest from modifying these page tables directly, Xen keeps track of how pages are used using a type system; pages must be "promoted" before being used as a pagetable, and "demoted" before being used for any other type. Xen also allows for "recursive" promotions: i.e., an operating system promoting a page to an L4 pagetable may end up causing pages to be promoted to L3s, which may in turn cause pages to be promoted to L2s, and so on. These operations may take an arbitrarily large amount of time, and so must be re-startable. Unfortunately, making recursive pagetable promotion and demotion operations restartable is incredibly complicated, and the code contains several races which, if triggered, can cause Xen to drop or retain extra type counts, potentially allowing guests to get write access to in-use pagetables. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All x86 systems with untrusted PV guests are vulnerable. HVM and PVH guests cannot exercise this vulnerability.
| 24 | CVE-2019-18420 | 134 | | DoS | 2019-10-31 | 2023-02-23 | 6.3 | None | Remote | Medium | ??? | None | None | Complete |
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function which uses a printf-like format string to interpret its parameters. Error handling for a bad format character was done using BUG(), which crashes Xen. One path, via the VCPUOP_initialise hypercall, has a bad format character. The BUG() can be hit if VCPUOP_initialise executes for a sufficiently long period of time for a continuation to be created. Malicious guests may cause a hypervisor crash, resulting in a Denial of Service (DoS). Xen versions 4.6 and newer are vulnerable. Xen versions 4.5 and earlier are not vulnerable. Only x86 PV guests can exploit the vulnerability. HVM and PVH guests, and guests on ARM systems, cannot exploit the vulnerability.
| 25 | CVE-2019-18419 | 79 | | XSS | 2019-10-24 | 2019-10-31 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
A cross-site scripting (XSS) vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
| 26 | CVE-2019-18418 | 384 | | | 2019-10-24 | 2019-10-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management.
| 27 | CVE-2019-18417 | 434 | | Exec Code | 2019-10-24 | 2019-10-28 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input, e.g., "add a new food" allows .php files.
| 28 | CVE-2019-18416 | 79 | | XSS | 2019-10-24 | 2019-10-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Sourcecodester Restaurant Management System 1.0 allows XSS via the Last Name field of a member.
| 29 | CVE-2019-18415 | 79 | | XSS | 2019-10-24 | 2019-10-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Sourcecodester Restaurant Management System 1.0 allows XSS via the "send a message" screen.
| 30 | CVE-2019-18414 | 352 | | CSRF | 2019-10-24 | 2019-10-28 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Sourcecodester Restaurant Management System 1.0 is affected by an admin/staff-exec.php Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code or adding a staff entry via a crafted HTML page.
| 31 | CVE-2019-18413 | 79 | | Sql XSS Bypass | 2019-10-24 | 2023-02-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
In TypeStack class-validator 0.10.2, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that can be used to reduce the risk of this bypass, this option is not documented and thus most developers configure input validation in the vulnerable default manner. With this vulnerability, attackers can launch SQL Injection or XSS attacks by injecting arbitrary malicious input. NOTE: a software maintainer agrees with the "is not documented" finding but suggests that much of the responsibility for the risk lies in a different product.
| 32 | CVE-2019-18409 | 732 | | | 2019-10-24 | 2019-10-30 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
The ruby_parser-legacy (aka legacy) gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem (which has a legacy dependency) 4.5.0 through 4.7.0 is used, a local user can insert malicious code into the ruby_parser-legacy-1.0.0/lib/ruby_parser/legacy/ruby_parser.rb file.
| 33 | CVE-2019-18408 | 416 | | | 2019-10-24 | 2019-11-01 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.
| 34 | CVE-2019-18396 | 78 | | Exec Code | 2019-10-31 | 2020-02-10 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete |
An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to mnt_ping.cgi. NOTE: This may overlap CVE-2017-14127.
| 35 | CVE-2019-18394 | 918 | | | 2019-10-24 | 2020-08-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.
| 36 | CVE-2019-18393 | 22 | | Dir. Trav. | 2019-10-24 | 2020-08-07 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.
| 37 | CVE-2019-18387 | 89 | | Exec Code Sql | 2019-10-23 | 2019-10-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.
| 38 | CVE-2019-18385 | 532 | | | 2019-10-23 | 2019-10-30 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring.
| 39 | CVE-2019-18384 | | | | 2019-10-23 | 2020-08-24 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
An issue was discovered on TerraMaster FS-210 4.0.19 devices. An authenticated remote non-administrative user can read unauthorized shared files, as demonstrated by the filename=*public*%25252Fadmin_OnlyRead.txt substring.
| 40 | CVE-2019-18383 | 862 | | | 2019-10-23 | 2020-08-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue was discovered on TerraMaster FS-210 4.0.19 devices. One can download backup files remotely from terramaster_TNAS-00E43A_config_backup.bin without permission.
| 41 | CVE-2019-18382 | 20 | | DoS | 2019-10-23 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An issue was discovered on AVStar PE204 3.10.70 IP camera devices. A denial of service can occur on open TCP port 23456. After a TELNET connection, no TCP ports are open.
| 42 | CVE-2019-18371 | 22 | | Dir. Trav. Bypass | 2019-10-23 | 2019-10-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can bypass authentication.
| 43 | CVE-2019-18370 | 20 | | | 2019-10-23 | 2021-07-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the application's sh script for testing upload and download speeds reads a URL list from /tmp/speedtest_urls.xml, and there is a command injection vulnerability, as demonstrated by api/xqnetdetect/netspeed.
| 44 | CVE-2019-18369 | 276 | | | 2019-10-31 | 2019-11-01 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible.
| 45 | CVE-2019-18368 | | | | 2019-10-31 | 2020-08-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible.
| 46 | CVE-2019-18367 | 276 | | | 2019-10-31 | 2019-11-04 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.
| 47 | CVE-2019-18366 | 276 | | | 2019-10-31 | 2019-11-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.
| 48 | CVE-2019-18365 | | | | 2019-10-31 | 2019-11-07 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages.
| 49 | CVE-2019-18364 | 502 | | Exec Code | 2019-10-31 | 2019-11-01 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.
| 50 | CVE-2019-18363 | 200 | | +Info | 2019-10-31 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances.
Total number of vulnerabilities: 1567 (page 1 of 32)