Vulnerabilities > Jetbrains > Teamcity > 2018.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-30 | CVE-2020-7910 | Cross-site Scripting vulnerability in Jetbrains Teamcity JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role. | 5.4 |
| 2020-01-30 | CVE-2020-7909 | Insufficiently Protected Credentials vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI. | 7.5 |
| 2020-01-30 | CVE-2020-7908 | Improper Privilege Management vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages. | 4.3 |
| 2019-10-31 | CVE-2019-18367 | Incorrect Default Permissions vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions. | 5.3 |
| 2019-10-31 | CVE-2019-18366 | Incorrect Default Permissions vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission. | 5.3 |
| 2019-10-31 | CVE-2019-18365 | Improper Privilege Management vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages. | 4.3 |
| 2019-10-31 | CVE-2019-18364 | Deserialization of Untrusted Data vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution. | 9.8 |
| 2019-10-31 | CVE-2019-18363 | Unspecified vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances. | 5.3 |
| 2019-10-02 | CVE-2019-12157 | Improper Input Validation vulnerability in Jetbrains Teamcity In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands. | 9.8 |
| 2019-07-03 | CVE-2019-12846 | Unspecified vulnerability in Jetbrains Teamcity A user without the required permissions could gain access to some JetBrains TeamCity settings. | 4.3 |