CVE-2019-12157

EPSS 0%
Veröffentlicht 02.10.2019 19:15:11
Zuletzt bearbeitet 21.11.2024 04:22:19
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

JetBrains ≫ Teamcity Version < 2018.2.5

JetBrains ≫ Upsource Version <= 2018.2

JetBrains ≫ Upsource Version2018.2 Updatebuild_1013

JetBrains ≫ Upsource Version2018.2 Updatebuild_1141

JetBrains ≫ Upsource Version2018.2 Updatebuild_1154

JetBrains ≫ Upsource Version2018.2 Updatebuild_1291

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0%	0.001

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-12157

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-12157

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-12157

EUVD