CVE-2019-12157

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2019-12157
In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/ Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:upsource:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbrains:upsource:2018.2:build_1013:*:*:*:*:*:*
cpe:2.3:a:jetbrains:upsource:2018.2:build_1141:*:*:*:*:*:*
cpe:2.3:a:jetbrains:upsource:2018.2:build_1154:*:*:*:*:*:*
cpe:2.3:a:jetbrains:upsource:2018.2:build_1291:*:*:*:*:*:*
History

26 Jan 2021, 18:15

Type Values Removed Values Added
Summary In JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 build 1293, improper validation of user input for one of the fields could lead to Command Injection. In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.
Information

Published : 2019-10-02 19:15

Updated : 2023-12-10 13:13

NVD link : CVE-2019-12157

Mitre link : CVE-2019-12157

CVE.ORG link : CVE-2019-12157

JSON object : View

Products Affected

jetbrains

  • teamcity
  • upsource
CWE
CWE-20

Improper Input Validation