First published: Wed Oct 02 2019(Updated: )
In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
JetBrains TeamCity | <2018.2.5 | |
JetBrains UpSource | <=2018.2 | |
JetBrains UpSource | =2018.2-build_1013 | |
JetBrains UpSource | =2018.2-build_1141 | |
JetBrains UpSource | =2018.2-build_1154 | |
JetBrains UpSource | =2018.2-build_1291 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-12157 is a vulnerability in JetBrains UpSource versions before 2018.2 build 1293 that allows credential disclosure via RPC commands.
JetBrains TeamCity and JetBrains UpSource versions before 2018.2 build 1293 are affected by CVE-2019-12157.
CVE-2019-12157 has a severity level of 9.8 (Critical).
To fix CVE-2019-12157, you should update your JetBrains UpSource software to version 2018.2 build 1293 or later.
You can find more information about CVE-2019-12157 in the JetBrains security bulletin for Q2 2019.