Description
Server metadata could be exposed because one of the error messages reflected the whole response back to the client in JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 build 1293.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/
Scores
CVSS v3
5.3
EPSS
0.0000
EPSS Percentile
0.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-209
Status
published
Products (1)
jetbrains/upsource
< 2018.2.1290
Published
Oct 02, 2019
Tracked Since
Feb 18, 2026