JetBrains TeamCity Improper Certificate Validation Vulnerability

Summary

An issue was discovered in JetBrains TeamCity 2018.2.4.  

Credit:

The information has been provided by  Robert Demmer

The original article can be found at: https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/


Details

It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1

Vulnerable Systems:

JetBrains TeamCity 2018.2.4.

CVE Information

CVE-2019-15042

  Disclosure Timeline: 
Published Date:10/01/2019