Vulnerabilities > Jetbrains > Teamcity > 10.0.1

DATE CVE VULNERABILITY TITLE RISK
2020-08-08 CVE-2020-15826 Improper Privilege Management vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have.
network
low complexity
jetbrains CWE-269
4.3
4.3
2020-08-08 CVE-2020-15825 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.
network
low complexity
jetbrains
8.8
8.8
2020-04-22 CVE-2020-11689 Incorrect Default Permissions vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.
network
low complexity
jetbrains CWE-276
6.5
6.5
2020-04-22 CVE-2020-11688 Insufficient Session Expiration vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.
network
low complexity
jetbrains CWE-613
7.5
7.5
2020-04-22 CVE-2020-11687 Information Exposure vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.
network
low complexity
jetbrains CWE-200
7.5
7.5
2020-04-22 CVE-2020-11686 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings.
network
low complexity
jetbrains
2.7
2.7
2020-01-30 CVE-2020-7911 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS.
network
low complexity
jetbrains CWE-79
6.1
6.1
2020-01-30 CVE-2020-7910 Cross-site Scripting vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.
network
low complexity
jetbrains CWE-79
5.4
5.4
2020-01-30 CVE-2020-7909 Insufficiently Protected Credentials vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.
network
low complexity
jetbrains CWE-522
7.5
7.5
2020-01-30 CVE-2020-7908 Improper Privilege Management vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages.
network
low complexity
jetbrains CWE-269
4.3
4.3