CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18365
https://notcve.org/view.php?id=CVE-2019-18365
In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages. En JetBrains TeamCity versiones anteriores a 2019.1.4, un tabnabbing inverso era posible en varias páginas. • https://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-18364
https://notcve.org/view.php?id=CVE-2019-18364
In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution. En JetBrains TeamCity versiones anteriores a 2019.1.4, una Deserialización de Java no segura podría permitir una ejecución de código remota. • https://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18363
https://notcve.org/view.php?id=CVE-2019-18363
In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances. En JetBrains TeamCity versiones anteriores a 2019.1.2, un acceso podría ser conseguido al historial de compilaciones de una configuración de compilación eliminada en algunas circunstancias. • https://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019 •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2019-12157
https://notcve.org/view.php?id=CVE-2019-12157
In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands. En las versiones de JetBrains UpSource anteriores a la build 1293 de 2018.2, existe la divulgación de credenciales a través de comandos RPC • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15036
https://notcve.org/view.php?id=CVE-2019-15036
An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1. Se detectó un problema en JetBrains TeamCity versión 2018.2.4. Un administrador de TeamCity Project podría ejecutar cualquier comando en la máquina del servidor. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •