Vulnerabilities > Jetbrains > Teamcity > 10.0.1

DATE CVE VULNERABILITY TITLE RISK
2020-01-30 CVE-2020-7909 Insufficiently Protected Credentials vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.
network
low complexity
jetbrains CWE-522
7.5
7.5
2020-01-30 CVE-2020-7908 Improper Privilege Management vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages.
network
low complexity
jetbrains CWE-269
4.3
4.3
2019-10-31 CVE-2019-18367 Incorrect Default Permissions vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.
network
low complexity
jetbrains CWE-276
5.3
5.3
2019-10-31 CVE-2019-18366 Incorrect Default Permissions vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.
network
low complexity
jetbrains CWE-276
5.3
5.3
2019-10-31 CVE-2019-18365 Improper Privilege Management vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages.
network
low complexity
jetbrains CWE-269
4.3
4.3
2019-10-31 CVE-2019-18364 Deserialization of Untrusted Data vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.
network
low complexity
jetbrains CWE-502
critical
 9.8
9.8
2019-10-31 CVE-2019-18363 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances.
network
low complexity
jetbrains
5.3
5.3
2019-10-02 CVE-2019-12157 Improper Input Validation vulnerability in Jetbrains Teamcity
In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.
network
low complexity
jetbrains CWE-20
critical
 9.8
9.8
2019-07-03 CVE-2019-12846 Unspecified vulnerability in Jetbrains Teamcity
A user without the required permissions could gain access to some JetBrains TeamCity settings.
network
low complexity
jetbrains
4.3
4.3
2019-07-03 CVE-2019-12845 Improper Authentication vulnerability in Jetbrains Teamcity
The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts.
network
low complexity
jetbrains CWE-287
5.3
5.3