In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings.
2.7 CVSS
4 AI Score
0.001 EPSS
In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.
7.5 CVSS
7.6 AI Score
0.002 EPSS
In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.
7.5 CVSS
7.5 AI Score
0.001 EPSS
In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.
6.5 CVSS
6.3 AI Score
0.001 EPSS
In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project. The issue was resolved in 2019.2.2.
4.9 CVSS
5.1 AI Score
0.001 EPSS
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.
8.8 CVSS
8.6 AI Score
0.001 EPSS
In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have.
4.3 CVSS
4.6 AI Score
0.001 EPSS
In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions.
6.5 CVSS
6.4 AI Score
0.001 EPSS
In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs.
5.3 CVSS
5.4 AI Score
0.001 EPSS
JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI.
6.1 CVSS
5.9 AI Score
0.001 EPSS
JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI.
6.1 CVSS
5.9 AI Score
0.001 EPSS
6.1 CVSS
6.5 AI Score
0.001 EPSS
4.3 CVSS
4.6 AI Score
0.001 EPSS
In JetBrains TeamCity before 2020.1.5, secure dependency parameters might not be masked in depending builds when there are no internal artifacts.
5.3 CVSS
5.3 AI Score
0.001 EPSS
In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages.
4.3 CVSS
4.7 AI Score
0.001 EPSS
In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.
7.5 CVSS
7.5 AI Score
0.002 EPSS
JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.
5.4 CVSS
5.1 AI Score
0.001 EPSS
In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS.
6.1 CVSS
6.2 AI Score
0.001 EPSS