Lucene search

Teamcity Security Vulnerabilities - 2020

cve

CVE-2020-11686

In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings.

2.7CVSS

4AI Score

0.001EPSS

2020-04-22 02:15 PM

cve

CVE-2020-11687

In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.

7.5CVSS

7.6AI Score

0.002EPSS

2020-04-22 02:15 PM

cve

CVE-2020-11688

In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.

7.5CVSS

7.5AI Score

0.001EPSS

2020-04-22 02:15 PM

cve

CVE-2020-11689

In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.

6.5CVSS

6.3AI Score

0.001EPSS

2020-04-22 02:15 PM

cve

CVE-2020-11938

In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project. The issue was resolved in 2019.2.2.

4.9CVSS

5.1AI Score

0.001EPSS

2020-04-22 02:15 PM

cve

CVE-2020-15825

In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.

8.8CVSS

8.6AI Score

0.001EPSS

2020-08-08 09:15 PM

cve

CVE-2020-15826

In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have.

4.3CVSS

4.6AI Score

0.001EPSS

2020-08-08 09:15 PM

cve

CVE-2020-15828

In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions.

6.5CVSS

6.4AI Score

0.001EPSS

2020-08-08 09:15 PM

cve

CVE-2020-15829

In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs.

5.3CVSS

5.4AI Score

0.001EPSS

2020-08-08 09:15 PM

cve

CVE-2020-15830

JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI.

6.1CVSS

5.9AI Score

0.001EPSS

2020-08-08 09:15 PM

cve

CVE-2020-15831

JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI.

6.1CVSS

5.9AI Score

0.001EPSS

2020-08-08 09:15 PM

cve

CVE-2020-27627

JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.

6.1CVSS

6.5AI Score

0.001EPSS

2020-11-16 04:15 PM

cve

CVE-2020-27628

In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records.

4.3CVSS

4.6AI Score

0.001EPSS

2020-11-16 03:15 PM

cve

CVE-2020-27629

In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts.

5.3CVSS

5.3AI Score

0.001EPSS

2020-11-16 03:15 PM

cve

CVE-2020-7908

In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages.

4.3CVSS

4.7AI Score

0.001EPSS

2020-01-30 06:15 PM

cve

CVE-2020-7909

In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.

7.5CVSS

7.5AI Score

0.002EPSS

2020-01-30 06:15 PM

cve

CVE-2020-7910

JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.

5.4CVSS

5.1AI Score

0.001EPSS

2020-01-30 06:15 PM

cve

CVE-2020-7911

In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS.

6.1CVSS

6.2AI Score

0.001EPSS

2020-01-30 06:15 PM