JetBrains TeamCity 2018.2.4 Remote Code Execution

Exploit Title: JetBrains TeamCity 2018.2.4 - Remote Code Execution Date: 2020-01-07 Exploit Author: Harrison Neal Vendor Homepage: https://www.jetbrains.com/ Software Link: https://confluence.jetbrains.com/display/TW/Previous+Releases+Downloads Version: 2018.2.4 for Windows CVE: CVE-2019-15039...

JetBrains TeamCity Input Validation Error Vulnerability

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. An input validation error vulnerability exists in...

Code injection

An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1...

CVE-2019-15036

An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1...

CVE-2019-15037

An issue was discovered in JetBrains TeamCity 2018.2.4. It had several XSS vulnerabilities on the settings pages. The issues were fixed in TeamCity 2019.1...

CVE-2019-15037

CVE-2019-15037 affects JetBrains TeamCity 2018.2.4 with multiple XSS issues on settings pages. Root cause: cross-site scripting vulnerabilities on UI settings, mitigated by fixes in TeamCity 2019.1. Public references in the dataset include NVD/NVD-based entries and Red Hat/CNVD mirrors confirming...

CVE-2019-15035

An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1...

Code injection

An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1...

CVE-2019-15035

An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1...

CVE-2019-15035

JetBrains TeamCity 2018.2.4 contains an information disclosure vulnerability where a TeamCity Project administrator could access potentially confidential server‑level data. The issue affects JetBrains TeamCity and was fixed in TeamCity 2018.2.5 and in 2019.1. Affected component is the server-side...

CVE-2019-15042

An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1...

CVE-2019-15038

An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1...

CVE-2019-15039

An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1...

CVE-2019-15039

An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1...

IBM API Connect Information Disclosure Vulnerability

IBM API Connect is a comprehensive end-to-end API lifecycle solution. An information disclosure vulnerability exists in IBM API Connect 2018.1.0.0, 2018.2.1, 2018.2.2, 2018.2.3, and 2018.2.4. An attacker can exploit the vulnerability to obtain sensitive information...