JetBrains Upsource Cross-Site Scripting Vulnerability

JetBrains Upsource is a set of code review tools from the Czech company JetBrains. A cross-site scripting vulnerability exists in versions prior to JetBrains Upsource 2019.1.1412. The vulnerability stems from the lack of proper validation of client data by the WEB application. An attacker can...

CVE-2019-12157

In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands...

CVE-2019-12156

Server metadata could be exposed because one of the error messages reflected the whole response back to the client in JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 build 1293...

CVE-2019-12156

Server metadata could be exposed because one of the error messages reflected the whole response back to the client in JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 build 1293...

CVE-2019-12157

In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands...

Design/Logic Flaw

In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands...

Code injection

Server metadata could be exposed because one of the error messages reflected the whole response back to the client in JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 build 1293...

CVE-2019-12156

CVE-2019-12156 affects JetBrains TeamCity (before 2018.2.5) and UpSource (before 2018.2 build 1293). Root cause: an error message could reflect the entire server response, leading to exposure of server metadata. Impact: potential disclosure of sensitive information via error responses. Remediatio...

CVE-2019-12156

Server metadata could be exposed because one of the error messages reflected the whole response back to the client in JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 build 1293...

CVE-2019-12157

CVE-2019-12157 affects JetBrains Upsource prior to 2018.2 build 1293, with a credential disclosure vulnerability exposed via RPC commands. The issue is reported across multiple feeds (NVD, Red Hat, CVE lists) and tied to Upsource components in the 2018.2 train; the JetBrains bulletin confirms Ups...

CVE-2019-12157

In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands...

CVE-2019-14961

JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in a code block comments, leading to XSS...

CVE-2019-14961

JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in a code block comments, leading to XSS...

Cross site scripting

JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in a code block comments, leading to XSS...

CVE-2019-14961

JetBrains Upsource prior to 2019.1.1412 is affected by a Cross‑Site Scripting (XSS) vulnerability due to insufficient escaping of code blocks (HTML tags) in code block comments. The issue is documented across multiple sources (e.g., CVE-2019-14961, JetBrains Security Bulletin Q2 2019) and is reso...

CVE-2019-14961

JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in a code block comments, leading to XSS...

JetBrains Security Bulletin Q4 2018

News Security JetBrains Security Bulletin Q4 2018 Robert Demmer We have resolved a series of security issues in our products in the fourth quarter of 2018. Here’s a report summary with descriptions of each issue and the version in which they were resolved. Product | Description | Severity |...