CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18363
https://notcve.org/view.php?id=CVE-2019-18363
31 Oct 2019 — In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances. En JetBrains TeamCity versiones anteriores a 2019.1.2, un acceso podría ser conseguido al historial de compilaciones de una configuración de compilación eliminada en algunas circunstancias. • https://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15848
https://notcve.org/view.php?id=CVE-2019-15848
05 Sep 2019 — JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user. JetBrains TeamCity 2019.1 y 2019.1.1 permite Cross-Site Scripting (XSS), lo que posiblemente permite enviar una petición HTTP arbitraria a un servidor TeamCity con el nombre del usuario actualmente registrado. • https://blog.jetbrains.com/teamcity/2019/09/important-security-notice-xss-vulnerability-allowing-rce • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •