CVE-2019-15848
N/A
N/A
Summary
JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://blog.jetbrains.com/teamcity/2019/09/important-security-notice-xss-vulnerability-allowing-rce/
- https://twitter.com/JLLeitschuh/status/1169332316612644864?s=20
- https://www.softwaresecured.com/jetbrains-teamcity-reflected-xss/
- https://gist.github.com/JLLeitschuh/fe6784391254b58de680bbda78a04a70
References
- https://blog.jetbrains.com/teamcity/2019/09/important-security-notice-xss-vulnerability-allowing-rce/
- https://twitter.com/JLLeitschuh/status/1169332316612644864?s=20
- https://www.softwaresecured.com/jetbrains-teamcity-reflected-xss/
- https://gist.github.com/JLLeitschuh/fe6784391254b58de680bbda78a04a70
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.