CVE-2019-18363
https://notcve.org/view.php?id=CVE-2019-18363
In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances. En JetBrains TeamCity versiones anteriores a 2019.1.2, un acceso podría ser conseguido al historial de compilaciones de una configuración de compilación eliminada en algunas circunstancias. • https://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019 •
CVE-2019-12157
https://notcve.org/view.php?id=CVE-2019-12157
In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands. En las versiones de JetBrains UpSource anteriores a la build 1293 de 2018.2, existe la divulgación de credenciales a través de comandos RPC • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 • CWE-20: Improper Input Validation •
CVE-2019-15036
https://notcve.org/view.php?id=CVE-2019-15036
An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1. Se detectó un problema en JetBrains TeamCity versión 2018.2.4. Un administrador de TeamCity Project podría ejecutar cualquier comando en la máquina del servidor. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2019-15037
https://notcve.org/view.php?id=CVE-2019-15037
An issue was discovered in JetBrains TeamCity 2018.2.4. It had several XSS vulnerabilities on the settings pages. The issues were fixed in TeamCity 2019.1. Se detectó un problema en JetBrains TeamCity versión 2018.2.4. Presentaba varias vulnerabilidades de tipo XSS en las páginas de configuración. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-15035
https://notcve.org/view.php?id=CVE-2019-15035
An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1. Se descubrió un problema en JetBrains TeamCity versión 2018.2.4. Un administrador de TeamCity Project podría obtener acceso a datos de nivel de servidor potencialmente confidenciales. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 •