CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18367
https://notcve.org/view.php?id=CVE-2019-18367
31 Oct 2019 — In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions. En JetBrains TeamCity versiones anteriores a 2019.1.2, una operación no destructiva podría ser realizada por parte de un usuario sin los permisos correspondientes. • https://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019 • CWE-276: Incorrect Default Permissions •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18366
https://notcve.org/view.php?id=CVE-2019-18366
31 Oct 2019 — In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission. En JetBrains TeamCity versiones anteriores a 2019.1.2, valores seguros podrían estar expuestos a usuarios con el permiso "View build runtime parameters and data". • https://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019 • CWE-276: Incorrect Default Permissions •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18365
https://notcve.org/view.php?id=CVE-2019-18365
31 Oct 2019 — In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages. En JetBrains TeamCity versiones anteriores a 2019.1.4, un tabnabbing inverso era posible en varias páginas. • https://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18364
https://notcve.org/view.php?id=CVE-2019-18364
31 Oct 2019 — In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution. En JetBrains TeamCity versiones anteriores a 2019.1.4, una Deserialización de Java no segura podría permitir una ejecución de código remota. • https://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18363
https://notcve.org/view.php?id=CVE-2019-18363
31 Oct 2019 — In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances. En JetBrains TeamCity versiones anteriores a 2019.1.2, un acceso podría ser conseguido al historial de compilaciones de una configuración de compilación eliminada en algunas circunstancias. • https://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019 •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2019-12157
https://notcve.org/view.php?id=CVE-2019-12157
02 Oct 2019 — In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands. En las versiones de JetBrains UpSource anteriores a la build 1293 de 2018.2, existe la divulgación de credenciales a través de comandos RPC • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15036
https://notcve.org/view.php?id=CVE-2019-15036
02 Oct 2019 — An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1. Se detectó un problema en JetBrains TeamCity versión 2018.2.4. Un administrador de TeamCity Project podría ejecutar cualquier comando en la máquina del servidor. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15037
https://notcve.org/view.php?id=CVE-2019-15037
02 Oct 2019 — An issue was discovered in JetBrains TeamCity 2018.2.4. It had several XSS vulnerabilities on the settings pages. The issues were fixed in TeamCity 2019.1. Se detectó un problema en JetBrains TeamCity versión 2018.2.4. Presentaba varias vulnerabilidades de tipo XSS en las páginas de configuración. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15035
https://notcve.org/view.php?id=CVE-2019-15035
01 Oct 2019 — An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1. Se descubrió un problema en JetBrains TeamCity versión 2018.2.4. Un administrador de TeamCity Project podría obtener acceso a datos de nivel de servidor potencialmente confidenciales. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15042
https://notcve.org/view.php?id=CVE-2019-15042
01 Oct 2019 — An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1. Se descubrió un problema en JetBrains TeamCity versión 2018.2.4. No presenta comprobación de certificado SSL para algunas conexiones https externas. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 • CWE-295: Improper Certificate Validation •