Vulnerabilities > Jetbrains > Teamcity

DATE CVE VULNERABILITY TITLE RISK
2020-08-08 CVE-2020-15825 Improper Privilege Management vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.
network
low complexity
jetbrains CWE-269
6.5
6.5
2020-04-22 CVE-2020-11938 Information Exposure vulnerability in Jetbrains Teamcity
In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project.
network
low complexity
jetbrains CWE-200
4.0
4.0
2020-04-22 CVE-2020-11689 Incorrect Default Permissions vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.
network
low complexity
jetbrains CWE-276
4.0
4.0
2020-04-22 CVE-2020-11688 Insufficient Session Expiration vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.
network
low complexity
jetbrains CWE-613
5.0
5.0
2020-04-22 CVE-2020-11687 Information Exposure vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.
network
low complexity
jetbrains CWE-200
5.0
5.0
2020-04-22 CVE-2020-11686 Information Exposure vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings.
network
low complexity
jetbrains CWE-200
4.0
4.0
2020-01-30 CVE-2020-7911 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS.
network
jetbrains CWE-79
4.3
4.3
2020-01-30 CVE-2020-7910 Cross-site Scripting vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.
network
jetbrains CWE-79
3.5
3.5
2020-01-30 CVE-2020-7909 Insufficiently Protected Credentials vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.
network
low complexity
jetbrains CWE-522
5.0
5.0
2020-01-30 CVE-2020-7908 Insufficiently Protected Credentials vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages.
network
jetbrains CWE-522
4.3
4.3