vulnerability
JetBrains TeamCity: CVE-2019-15848: XSS vulnerability (TW-61242, TW-61315)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Sep 5, 2019 | Oct 15, 2024 | Jul 3, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Sep 5, 2019
Added
Oct 15, 2024
Modified
Jul 3, 2025
Description
JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user.
Solution
jetbrains-teamcity-upgrade-latest
References
- CWE-79
- CVE-2019-15848
- https://attackerkb.com/topics/CVE-2019-15848
- URL-https://blog.jetbrains.com/teamcity/2019/09/important-security-notice-xss-vulnerability-allowing-rce/
- URL-https://gist.github.com/JLLeitschuh/fe6784391254b58de680bbda78a04a70
- URL-https://twitter.com/JLLeitschuh/status/1169332316612644864?s=20
- URL-https://www.softwaresecured.com/jetbrains-teamcity-reflected-xss/
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.