Vulnerabilities > Jetbrains > Teamcity

DATE CVE VULNERABILITY TITLE RISK
2020-04-22 CVE-2020-11688 Insufficient Session Expiration vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.
network
low complexity
jetbrains CWE-613
7.5
7.5
2020-04-22 CVE-2020-11687 Information Exposure vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.
network
low complexity
jetbrains CWE-200
7.5
7.5
2020-04-22 CVE-2020-11686 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings.
network
low complexity
jetbrains
2.7
2.7
2020-01-30 CVE-2020-7911 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS.
network
low complexity
jetbrains CWE-79
6.1
6.1
2020-01-30 CVE-2020-7910 Cross-site Scripting vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.
network
low complexity
jetbrains CWE-79
5.4
5.4
2020-01-30 CVE-2020-7909 Insufficiently Protected Credentials vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.
network
low complexity
jetbrains CWE-522
7.5
7.5
2020-01-30 CVE-2020-7908 Improper Privilege Management vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages.
network
low complexity
jetbrains CWE-269
4.3
4.3
2019-10-31 CVE-2019-18367 Incorrect Default Permissions vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.
network
low complexity
jetbrains CWE-276
5.3
5.3
2019-10-31 CVE-2019-18366 Incorrect Default Permissions vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.
network
low complexity
jetbrains CWE-276
5.3
5.3
2019-10-31 CVE-2019-18365 Improper Privilege Management vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages.
network
low complexity
jetbrains CWE-269
4.3
4.3