Skip to main content
CVE-2020-15825 HIGH This Week

In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-15824 HIGH PATCH This Week

In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Kotlin Banking Extensibility Workbench Communications Cloud Native Core Policy
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-15817 HIGH This Week

In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-15827 HIGH This Week

In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Toolbox
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-15823 HIGH This Week

JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Youtrack
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-15828 MEDIUM This Month

In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-15821 MEDIUM This Month

In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Youtrack
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-15831 MEDIUM This Month

JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-15830 MEDIUM This Month

JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-15829 MEDIUM This Month

In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-15820 MEDIUM This Month

In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-15819 MEDIUM This Month

JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Youtrack
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-15818 MEDIUM This Month

In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Youtrack
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-15826 MEDIUM This Month

In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Teamcity
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy