CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15035
https://notcve.org/view.php?id=CVE-2019-15035
01 Oct 2019 — An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1. Se descubrió un problema en JetBrains TeamCity versión 2018.2.4. Un administrador de TeamCity Project podría obtener acceso a datos de nivel de servidor potencialmente confidenciales. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15042
https://notcve.org/view.php?id=CVE-2019-15042
01 Oct 2019 — An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1. Se descubrió un problema en JetBrains TeamCity versión 2018.2.4. No presenta comprobación de certificado SSL para algunas conexiones https externas. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15038
https://notcve.org/view.php?id=CVE-2019-15038
01 Oct 2019 — An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1. Se descubrió un problema en JetBrains TeamCity versión 2018.2.4. El servidor TeamCity no estaba usando algunos encabezados HTTP relacionados con la seguridad. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2019-15039 – JetBrains TeamCity 2018.2.4 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-15039
01 Oct 2019 — An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1. Se descubrió in JetBrains TeamCity 2018,2,4. Tenía un posible problema de ejecución de código remoto. • https://packetstorm.news/files/id/155874 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15848
https://notcve.org/view.php?id=CVE-2019-15848
05 Sep 2019 — JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user. JetBrains TeamCity 2019.1 y 2019.1.1 permite Cross-Site Scripting (XSS), lo que posiblemente permite enviar una petición HTTP arbitraria a un servidor TeamCity con el nombre del usuario actualmente registrado. • https://blog.jetbrains.com/teamcity/2019/09/important-security-notice-xss-vulnerability-allowing-rce • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12846
https://notcve.org/view.php?id=CVE-2019-12846
03 Jul 2019 — A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2. Un usuario sin los permisos necesarios podría obtener acceso a algunas configuraciones de TeamBity de JetBrains. El problema se solucionó en TeamCity 02.02.2018. • https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12842
https://notcve.org/view.php?id=CVE-2019-12842
03 Jul 2019 — A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.2. Se detectó un Cross-Site Scripting (XSS) reflejado en una página de usuario en una de las páginas TeamBity de JetBrains. El problema se solucionó en TeamCity 02.02.2018. • https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12841
https://notcve.org/view.php?id=CVE-2019-12841
03 Jul 2019 — Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. The issue was fixed in TeamCity 2018.2.2. El manejo incorrecto de la entrada del usuario en la extracción de ZIP se detectó en JetBrains TeamCity. El problema se solucionó en TeamCity versión 02.02.2018. • https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12843
https://notcve.org/view.php?id=CVE-2019-12843
03 Jul 2019 — A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3. Se detectó una posible inyección de JavaScript almacenada que requiere una acción deliberada del administrador del servidor. El problema se solucionó en JetBrains TeamCity 03.02.2018. • https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12845
https://notcve.org/view.php?id=CVE-2019-12845
03 Jul 2019 — The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3. Las configuraciones DSL de Kotlin generadas permitieron el uso de una conexión sin cifrar para resolver artefactos. El problema se solucionó en JetBrains TeamCity 03.02.2018. • https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019 • CWE-287: Improper Authentication •