GCVE - cpe:2.3:a:jetbrains:upsource:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:jetbrains:upsource:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Jetbrains (`b1b7db7a-bd16-5477-8e89-fb64c5636fcd`)
Product	Upsource (`a1314237-a69c-515c-8adf-237d35cb1407`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-30482`	vulnerable	2026-06-03 14:44:30.857854	Details available In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly Published: 2021-05-11T12:16:27.000Z Updated: 2024-08-03T22:32:41.101Z Open on db.gcve.eu Reference links https://blog.jetbrains.com https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-19704`	vulnerable	2026-06-03 14:40:05.417891	Details available In JetBrains Upsource before 2020.1, information disclosure is possible because of an incorrect user matching algorithm. Published: 2020-08-08T20:52:51.000Z Updated: 2024-08-05T02:25:12.637Z Open on db.gcve.eu Reference links https://blog.jetbrains.com https://blog.jetbrains.com/blog/2020/08/06/jetbrains-security-bulletin-q2-2020/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-14961`	vulnerable	2026-06-03 14:39:46.896287	Details available JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in a code block comments, leading to XSS. Published: 2019-10-01T16:43:04.000Z Updated: 2024-08-05T00:34:53.138Z Open on db.gcve.eu Reference links https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-12157`	vulnerable	2026-06-03 14:39:34.342229	Details available In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands. Published: 2019-10-02T18:51:36.000Z Updated: 2024-08-04T23:10:30.824Z Open on db.gcve.eu Reference links https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-12156`	vulnerable	2026-06-03 14:39:34.340936	Details available Server metadata could be exposed because one of the error messages reflected the whole response back to the client in JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 build 1293. Published: 2019-10-02T18:52:29.000Z Updated: 2024-08-04T23:10:30.863Z Open on db.gcve.eu Reference links https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.