Main Vulnerability Database Vulnerabilities #VU35197

Cross-site scripting in TeamCity - CVE-2019-15037

Published: October 2, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35197

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-15037

CWE-ID: CWE-79

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: JetBrains s.r.o.

Affected software:
TeamCity

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

An issue was discovered in JetBrains TeamCity 2018.2.4. It had several XSS vulnerabilities on the settings pages. The issues were fixed in TeamCity 2019.1.

How to mitigate CVE-2019-15037

Install update from vendor's website.

Sources

https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/

Cross-site scripting in TeamCity - CVE-2019-15037

Detailed vulnerability description

How to mitigate CVE-2019-15037

Sources

Please verify you're human