CVE-2019-15848
Published 2019-09-05
Priority: P4 | 25 | medium | 6.1 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 1.37% (68.6th percentile)
JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jetbrains | teamcity | — | — |
| jetbrains | teamcity | — | — |
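CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |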
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://blog.jetbrains.com/teamcity/2019/09/important-security-notice-xss-vulnerability-allowing-rce/
https://gist.github.com/JLLeitschuh/fe6784391254b58de680bbda78a04a70
https://twitter.com/JLLeitschuh/status/1169332316612644864?s=20
https://www.softwaresecured.com/jetbrains-teamcity-reflected-xss/
Published: 2019-09-05