5 matches found
CVE-2019-14961
JetBrains Upsource prior to 2019.1.1412 is affected by a Cross‑Site Scripting (XSS) vulnerability due to insufficient escaping of code blocks (HTML tags) in code block comments. The issue is documented across multiple sources (e.g., CVE-2019-14961, JetBrains Security Bulletin Q2 2019) and is reso...
CVE-2019-12157
CVE-2019-12157 affects JetBrains Upsource prior to 2018.2 build 1293, with a credential disclosure vulnerability exposed via RPC commands. The issue is reported across multiple feeds (NVD, Red Hat, CVE lists) and tied to Upsource components in the 2018.2 train; the JetBrains bulletin confirms Ups...
CVE-2019-19704
CVE-2019-19704 affects JetBrains Upsource prior to 2020.1, where an incorrect user matching algorithm could lead to information disclosure. The Red Hat/CNVD/NVD entries corroborate that Upsource before 2020.1 is vulnerable due to this issue. The Red Hat entry and CNVD descriptions consistently st...
CVE-2019-12156
CVE-2019-12156 affects JetBrains TeamCity (before 2018.2.5) and UpSource (before 2018.2 build 1293). Root cause: an error message could reflect the entire server response, leading to exposure of server metadata. Impact: potential disclosure of sensitive information via error responses. Remediatio...
CVE-2021-30482
Affected software: JetBrains Upsource (prior to 2020.1.1883). The CVE-2021-30482 issue is that application passwords were not revoked correctly due to a flaw in Upsource’s password handling. Impact is stated as High risk; remediation: upgrade to version 2020.1.1883 or later where the issue is fix...