Main Vulnerability Database Vulnerabilities #VU22504

#VU22504 Information disclosure in TeamCity - CVE-2019-18366

Published: November 4, 2019

Vulnerability identifier: #VU22504

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-18366

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
TeamCity

Software vendor:
JetBrains s.r.o.

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to improper input validation. A remote authenticated user with the "View build runtime parameters and data" permission can gain unauthorized access to sensitive information on the system, such as secure values.

Remediation

Install updates from vendor's website.

External links

https://blog.jetbrains.com/blog/2019/10/29/jetbrains-security-bulletin-q3-2019/

#VU22504 Information disclosure in TeamCity - CVE-2019-18366

Description

Remediation

External links

Please verify you're human