Vulnerabilities > Jetbrains > Teamcity > 3.1

DATE CVE VULNERABILITY TITLE RISK
2020-08-08 CVE-2020-15829 Information Exposure Through Log Files vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs.
network
low complexity
jetbrains CWE-532
5.3
5.3
2020-08-08 CVE-2020-15828 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions.
network
low complexity
jetbrains
6.5
6.5
2020-08-08 CVE-2020-15826 Improper Privilege Management vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have.
network
low complexity
jetbrains CWE-269
4.3
4.3
2020-08-08 CVE-2020-15825 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.
network
low complexity
jetbrains
8.8
8.8
2020-04-22 CVE-2020-11689 Incorrect Default Permissions vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.
network
low complexity
jetbrains CWE-276
6.5
6.5
2020-04-22 CVE-2020-11688 Insufficient Session Expiration vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.
network
low complexity
jetbrains CWE-613
7.5
7.5
2020-04-22 CVE-2020-11687 Information Exposure vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.
network
low complexity
jetbrains CWE-200
7.5
7.5
2020-04-22 CVE-2020-11686 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings.
network
low complexity
jetbrains
2.7
2.7
2020-01-30 CVE-2020-7911 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS.
network
low complexity
jetbrains CWE-79
6.1
6.1
2020-01-30 CVE-2020-7910 Cross-site Scripting vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.
network
low complexity
jetbrains CWE-79
5.4
5.4