In JetBrains Upsource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.
9.8 CVSS
9.2 AI Score
0.002 EPSS
An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.
9.8 CVSS
9.6 AI Score
0.169 EPSS
In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.
9.8 CVSS
9.7 AI Score
0.013 EPSS
In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible.
9.8 CVSS
9.8 AI Score
0.007 EPSS
In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible.
9.8 CVSS
9.6 AI Score
0.005 EPSS
In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible.
9.8 CVSS
9.9 AI Score
0.007 EPSS
9.8 CVSS
9.4 AI Score
0.01 EPSS
In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.
9.8 CVSS
9.7 AI Score
0.006 EPSS
In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient.
9.8 CVSS
9.4 AI Score
0.002 EPSS
In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.
9.8 CVSS
9.4 AI Score
0.002 EPSS
In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.
9.8 CVSS
9.5 AI Score
0.002 EPSS
In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.
9.8 CVSS
9.4 AI Score
0.002 EPSS
JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration.
9.8 CVSS
9.7 AI Score
0.001 EPSS
9.8 CVSS
9.4 AI Score
0.002 EPSS
In JetBrains TeamCity before 2023.05, a bypass of permission checks allowing admin actions to be performed was possible.
9.8 CVSS
9.3 AI Score
0.003 EPSS
In JetBrains TeamCity before 2023.05.4, authentication bypass leading to RCE on TeamCity Server was possible.
In JetBrains TeamCity before 2023.11.3, authentication bypass leading to RCE was possible.
In JetBrains TeamCity before 2023.11.4, authentication bypass allowing admin actions to be performed was possible.
In JetBrains TeamCity before 2024.07, access tokens could continue working after deletion or expiration.
9.8 CVSS
7 AI Score
0.001 EPSS