CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18366
https://notcve.org/view.php?id=CVE-2019-18366
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission. En JetBrains TeamCity versiones anteriores a 2019.1.2, valores seguros podrían estar expuestos a usuarios con el permiso "View build runtime parameters and data". • https://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019 • CWE-276: Incorrect Default Permissions •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18365
https://notcve.org/view.php?id=CVE-2019-18365
In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages. En JetBrains TeamCity versiones anteriores a 2019.1.4, un tabnabbing inverso era posible en varias páginas. • https://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-18364
https://notcve.org/view.php?id=CVE-2019-18364
In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution. En JetBrains TeamCity versiones anteriores a 2019.1.4, una Deserialización de Java no segura podría permitir una ejecución de código remota. • https://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18363
https://notcve.org/view.php?id=CVE-2019-18363
In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances. En JetBrains TeamCity versiones anteriores a 2019.1.2, un acceso podría ser conseguido al historial de compilaciones de una configuración de compilación eliminada en algunas circunstancias. • https://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15848
https://notcve.org/view.php?id=CVE-2019-15848
JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user. JetBrains TeamCity 2019.1 y 2019.1.1 permite Cross-Site Scripting (XSS), lo que posiblemente permite enviar una petición HTTP arbitraria a un servidor TeamCity con el nombre del usuario actualmente registrado. • https://blog.jetbrains.com/teamcity/2019/09/important-security-notice-xss-vulnerability-allowing-rce https://gist.github.com/JLLeitschuh/fe6784391254b58de680bbda78a04a70 https://twitter.com/JLLeitschuh/status/1169332316612644864?s=20 https://www.softwaresecured.com/jetbrains-teamcity-reflected-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •