CVE-2019-15038
https://notcve.org/view.php?id=CVE-2019-15038
An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1. Se descubrió un problema en JetBrains TeamCity versión 2018.2.4. El servidor TeamCity no estaba usando algunos encabezados HTTP relacionados con la seguridad. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 •
CVE-2019-15039 – JetBrains TeamCity 2018.2.4 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-15039
An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1. Se descubrió in JetBrains TeamCity 2018,2,4. Tenía un posible problema de ejecución de código remoto. • https://www.exploit-db.com/exploits/47891 http://packetstormsecurity.com/files/155874/JetBrains-TeamCity-2018.2.4-Remote-Code-Execution.html https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2019-12846
https://notcve.org/view.php?id=CVE-2019-12846
A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2. Un usuario sin los permisos necesarios podría obtener acceso a algunas configuraciones de TeamBity de JetBrains. El problema se solucionó en TeamCity 02.02.2018. • https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019 •
CVE-2019-12842
https://notcve.org/view.php?id=CVE-2019-12842
A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.2. Se detectó un Cross-Site Scripting (XSS) reflejado en una página de usuario en una de las páginas TeamBity de JetBrains. El problema se solucionó en TeamCity 02.02.2018. • https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-12841
https://notcve.org/view.php?id=CVE-2019-12841
Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. The issue was fixed in TeamCity 2018.2.2. El manejo incorrecto de la entrada del usuario en la extracción de ZIP se detectó en JetBrains TeamCity. El problema se solucionó en TeamCity versión 02.02.2018. • https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019 • CWE-20: Improper Input Validation •