Information Disclosure in JetBrains TeamCity and UpSource
CVE-2019-12156
5.3 MEDIUM
Summary
In certain versions of JetBrains TeamCity and UpSource, one of the error messages inadvertently reflects the entire response back to the client, which can allow an attacker to expose sensitive server metadata. TeamCity versions prior to 2018.2.5 and UpSource versions prior to 2018.2 build 1293 are affected. Proper validation and error handling mechanisms need to be in place to prevent such exposure.
References
CVSS V3.1
Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved