Main Vulnerability Database Vulnerabilities #VU31023

Input validation error in TeamCity - CVE-2019-12845

Published: July 3, 2019 / Updated: July 17, 2020

Vulnerability identifier: #VU31023

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-12845

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: JetBrains s.r.o.

Affected software:
TeamCity

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3.

How to mitigate CVE-2019-12845

Install update from vendor's website.

Sources

https://blog.jetbrains.com/blog/2019/06/19/jetbrains-security-bulletin-q1-2019/

Input validation error in TeamCity - CVE-2019-12845

Detailed vulnerability description

How to mitigate CVE-2019-12845

Sources

Please verify you're human