CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15035
https://notcve.org/view.php?id=CVE-2019-15035
An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1. Se descubrió un problema en JetBrains TeamCity versión 2018.2.4. Un administrador de TeamCity Project podría obtener acceso a datos de nivel de servidor potencialmente confidenciales. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14961
https://notcve.org/view.php?id=CVE-2019-14961
JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in a code block comments, leading to XSS. JetBrains Upsource versiones anteriores a 2019.1.1412, no escapó apropiadamente las etiquetas HTML en un bloque de código de comentarios, conllevando a una vulnerabilidad de tipo XSS. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15042
https://notcve.org/view.php?id=CVE-2019-15042
An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1. Se descubrió un problema en JetBrains TeamCity versión 2018.2.4. No presenta comprobación de certificado SSL para algunas conexiones https externas. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14960
https://notcve.org/view.php?id=CVE-2019-14960
JetBrains Rider before 2019.1.2 was using an unsigned JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll file. JetBrains Rider versiones anteriores a 2019.1.2, estaba usando un archivo JetBrains.Rider.Unity.Editor.Plugin.Repacked.dll sin firmar. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 • CWE-426: Untrusted Search Path •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14955
https://notcve.org/view.php?id=CVE-2019-14955
In JetBrains Hub versions earlier than 2018.4.11436, there was no option to force a user to change the password and no password expiration policy was implemented. En JetBrains Hub versiones anteriores a 2018.4.11436, no había ninguna opción para obligar a un usuario a cambiar la contraseña y no se implementó ninguna política de caducidad de contraseña. • https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •