CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11688
https://notcve.org/view.php?id=CVE-2020-11688
22 Apr 2020 — In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session. En JetBrains TeamCity versiones anteriores a la versión 2019.2.1, el estado de la aplicación se mantuvo activo después de que un usuario finalizará su sesión. • https://blog.jetbrains.com/blog/2020/04/22/jetbrains-security-bulletin-q1-2020 • CWE-613: Insufficient Session Expiration •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11687
https://notcve.org/view.php?id=CVE-2020-11687
22 Apr 2020 — In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages. En JetBrains TeamCity versiones anteriores a la versión 2019.2.2, los valores de contraseña fueron mostrados en un formato sin máscara en varias páginas. • https://blog.jetbrains.com/blog/2020/04/22/jetbrains-security-bulletin-q1-2020 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11686
https://notcve.org/view.php?id=CVE-2020-11686
22 Apr 2020 — In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings. En JetBrains TeamCity versiones anteriores a la versión 2019.1.4, un administrador del proyecto era capaz de recuperar algunas configuraciones del servidor TeamCity. • https://blog.jetbrains.com/blog/2020/04/22/jetbrains-security-bulletin-q1-2020 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7911
https://notcve.org/view.php?id=CVE-2020-7911
30 Jan 2020 — In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS. En JetBrains TeamCity versiones anteriores a 2019.2, varias páginas de nivel de usuario eran vulnerables a un ataque de tipo XSS. • https://blog.jetbrains.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7910
https://notcve.org/view.php?id=CVE-2020-7910
30 Jan 2020 — JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role. JetBrains TeamCity versiones anteriores a 2019.2, era vulnerable a un ataque de tipo XSS almacenado por parte de un usuario con el rol de desarrollador. • https://blog.jetbrains.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7909
https://notcve.org/view.php?id=CVE-2020-7909
30 Jan 2020 — In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI. En JetBrains TeamCity versiones anteriores a 2019.1.5, algunas contraseñas almacenadas en servidor podrían ser mostradas por medio de la Interfaz de Usuario Web. • https://blog.jetbrains.com • CWE-522: Insufficiently Protected Credentials •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7908
https://notcve.org/view.php?id=CVE-2020-7908
30 Jan 2020 — In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages. En JetBrains TeamCity versiones anteriores a 2019.1.5, un ataque de tabnabbing inverso era posible en varias páginas. • https://blog.jetbrains.com • CWE-269: Improper Privilege Management •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18367
https://notcve.org/view.php?id=CVE-2019-18367
31 Oct 2019 — In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions. En JetBrains TeamCity versiones anteriores a 2019.1.2, una operación no destructiva podría ser realizada por parte de un usuario sin los permisos correspondientes. • https://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019 • CWE-276: Incorrect Default Permissions •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18366
https://notcve.org/view.php?id=CVE-2019-18366
31 Oct 2019 — In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission. En JetBrains TeamCity versiones anteriores a 2019.1.2, valores seguros podrían estar expuestos a usuarios con el permiso "View build runtime parameters and data". • https://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019 • CWE-276: Incorrect Default Permissions •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18365
https://notcve.org/view.php?id=CVE-2019-18365
31 Oct 2019 — In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages. En JetBrains TeamCity versiones anteriores a 2019.1.4, un tabnabbing inverso era posible en varias páginas. • https://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019 • CWE-269: Improper Privilege Management •