Improper Certificate Validation in TeamCity - CVE-2019-15042

 


Published: October 1, 2019 / Updated: August 8, 2020


Vulnerability identifier: #VU35200
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-15042
CWE-ID: CWE-295
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: JetBrains s.r.o.
Affected software: TeamCity

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

An issue was discovered in JetBrains TeamCity 2018.2.4. It performed no SSL certificate validation for some external HTTPS connections. This was fixed in TeamCity 2019.1.


How to mitigate CVE-2019-15042

Install the update from the vendor's website.
