JetBrains Teamcity

In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.

CVE-2022-48344 6.1 - Medium - February 23, 2023

In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.

XSS

In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.

CVE-2022-48343 6.1 - Medium - February 23, 2023

In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.

XSS

In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.

CVE-2022-48342 9.8 - Critical - February 23, 2023

In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.

Insecure Default Initialization of Resource

In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain"

CVE-2022-46831 4.9 - Medium - December 08, 2022

In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.

Insecure Default Initialization of Resource

In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint

CVE-2022-46830 5.3 - Medium - December 08, 2022

In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.

XSPA

In JetBrains TeamCity version before 2022.10

CVE-2022-44646 5.3 - Medium - November 03, 2022

In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings

In JetBrains TeamCity version before 2022.10

CVE-2022-44624 7.5 - High - November 03, 2022

In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters

Insertion of Sensitive Information into Log File

In JetBrains TeamCity version before 2022.10

CVE-2022-44623 7.5 - High - November 03, 2022

In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings

In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive

CVE-2022-44622 5.3 - Medium - November 03, 2022

In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive

In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable

CVE-2022-40979 5.3 - Medium - September 23, 2022

In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable

Insertion of Sensitive Information into Log File

In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases

CVE-2022-38133 5.3 - Medium - August 10, 2022

In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases

Insertion of Sensitive Information into Log File

In JetBrains TeamCity before 2022.04.2 build parameter injection was possible

CVE-2022-36322 8.8 - High - July 20, 2022

In JetBrains TeamCity before 2022.04.2 build parameter injection was possible

Argument Injection

In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases

CVE-2022-36321 6.5 - Medium - July 20, 2022

In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases

Insertion of Sensitive Information into Log File

In JetBrains TeamCity before 2022.04 potential XSS

CVE-2022-29929 6.1 - Medium - May 12, 2022

In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible

XSS

In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible

CVE-2022-29928 4.9 - Medium - May 12, 2022

In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible

Insertion of Sensitive Information into Log File

In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible

CVE-2022-29927 6.1 - Medium - May 12, 2022

In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible

XSS

In JetBrains TeamCity before 2021.2.3

CVE-2022-25264 7.5 - High - February 25, 2022

In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.

Insecure Storage of Sensitive Information

JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration.

CVE-2022-25263 9.8 - Critical - February 25, 2022

JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration.

Shell injection

JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS.

CVE-2022-25261 6.1 - Medium - February 25, 2022

JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS.

XSS

In JetBrains TeamCity before 2021.2.1

CVE-2022-24342 8.8 - High - February 25, 2022

In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible.

Session Riding

In JetBrains TeamCity before 2021.2.1

CVE-2022-24341 7.5 - High - February 25, 2022

In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user.

Insufficient Session Expiration

In JetBrains TeamCity before 2021.2.1

CVE-2022-24340 9.8 - Critical - February 25, 2022

In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.

XXE

JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.

CVE-2022-24339 5.4 - Medium - February 25, 2022

JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.

XSS

JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.

CVE-2022-24338 6.1 - Medium - February 25, 2022

JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.

XSS

In JetBrains TeamCity before 2021.2

CVE-2022-24337 6.5 - Medium - February 25, 2022

In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.

Incorrect Default Permissions

In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds

CVE-2022-24336 5.3 - Medium - February 25, 2022

In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.

Exposure of Resource to Wrong Sphere

JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration

CVE-2022-24335 8.1 - High - February 25, 2022

JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC.

TOCTTOU

In JetBrains TeamCity before 2021.2.1, the Agent Push feature

CVE-2022-24334 5.3 - Medium - February 25, 2022

In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server.

In JetBrains TeamCity before 2021.2.1

CVE-2022-24330 6.1 - Medium - February 25, 2022

In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.

Open Redirect

In JetBrains TeamCity before 2021.2, blind SSRF

CVE-2022-24333 6.5 - Medium - February 25, 2022

In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.

XSPA

In JetBrains TeamCity before 2021.2

CVE-2022-24332 5.3 - Medium - February 25, 2022

In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.

Insufficient Session Expiration

In JetBrains TeamCity before 2021.1.4

CVE-2022-24331 9.8 - Critical - February 25, 2022

In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.

authentification

In JetBrains TeamCity before 2021.1.3

CVE-2021-43202 9.8 - Critical - November 30, 2021

In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.

In JetBrains TeamCity before 2021.1.3, a newly created project could take settings

CVE-2021-43201 5.3 - Medium - November 09, 2021

In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project.

In JetBrains TeamCity before 2021.1.2

CVE-2021-43200 9.8 - Critical - November 09, 2021

In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient.

In JetBrains TeamCity before 2021.1.2

CVE-2021-43199 5.3 - Medium - November 09, 2021

In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient.

Incorrect Default Permissions

In JetBrains TeamCity before 2021.1.2

CVE-2021-43198 5.4 - Medium - November 09, 2021

In JetBrains TeamCity before 2021.1.2, stored XSS is possible.

XSS

In JetBrains TeamCity before 2021.1.2

CVE-2021-43197 6.1 - Medium - November 09, 2021

In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS.

XSS

In JetBrains TeamCity before 2021.1, information disclosure

CVE-2021-43196 7.5 - High - November 09, 2021

In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible.

In JetBrains TeamCity before 2021.1.2

CVE-2021-43195 5.3 - Medium - November 09, 2021

In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing.

In JetBrains TeamCity before 2021.1.2

CVE-2021-43194 5.3 - Medium - November 09, 2021

In JetBrains TeamCity before 2021.1.2, user enumeration was possible.

In JetBrains TeamCity before 2021.1.2, remote code execution

CVE-2021-43193 9.8 - Critical - November 09, 2021

In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.

In JetBrains TeamCity before 2021.1

CVE-2021-37548 7.5 - High - August 06, 2021

In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS.

Cleartext Storage of Sensitive Information

In JetBrains TeamCity before 2020.2.4

CVE-2021-37547 5.3 - Medium - August 06, 2021

In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made.

In JetBrains TeamCity before 2021.1

CVE-2021-37546 5.3 - Medium - August 06, 2021

In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used.

Use of a Broken or Risky Cryptographic Algorithm

In JetBrains TeamCity before 2020.2.3

CVE-2021-37542 6.1 - Medium - August 06, 2021

In JetBrains TeamCity before 2020.2.3, XSS was possible.

XSS

In JetBrains TeamCity before 2021.1.1

CVE-2021-37545 7.5 - High - August 06, 2021

In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made.

authentification

In JetBrains TeamCity before 2020.2.4

CVE-2021-37544 9.8 - Critical - August 06, 2021

In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.

Marshaling, Unmarshaling

In JetBrains TeamCity before 2020.2.3

CVE-2021-31911 6.1 - Medium - May 11, 2021

In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages.

XSS

In JetBrains TeamCity before 2020.2.4

CVE-2021-31915 9.8 - Critical - May 11, 2021

In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible.

Shell injection

In JetBrains TeamCity before 2020.2.3

CVE-2021-31913 7.5 - High - May 11, 2021

In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange.

Improper Validation of Integrity Check Value

In JetBrains TeamCity before 2020.2.3

CVE-2021-31912 8.8 - High - May 11, 2021

In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset.

Weak Password Recovery Mechanism for Forgotten Password

In JetBrains TeamCity before 2020.2.3, information disclosure

CVE-2021-31910 7.5 - High - May 11, 2021

In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible.

XSPA

In JetBrains TeamCity before 2020.2.2

CVE-2021-3315 5.4 - Medium - May 11, 2021

In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible.

XSS

In JetBrains TeamCity before 2020.2.3

CVE-2021-31908 5.4 - Medium - May 11, 2021

In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages.

XSS

In JetBrains TeamCity before 2020.2.3

CVE-2021-31909 9.8 - Critical - May 11, 2021

In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible.

Argument Injection

In JetBrains TeamCity before 2020.2.2

CVE-2021-31907 5.3 - Medium - May 11, 2021

In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly.

Incorrect Permission Assignment for Critical Resource

In JetBrains TeamCity before 2020.2.2

CVE-2021-31906 2.7 - Low - May 11, 2021

In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file.

In JetBrains TeamCity before 2020.2.2

CVE-2021-31904 6.1 - Medium - May 11, 2021

In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page.

XSS

In the TeamCity IntelliJ plugin before 2020.2.2.85899

CVE-2021-26310 7.5 - High - May 11, 2021

In the TeamCity IntelliJ plugin before 2020.2.2.85899, DoS was possible.

Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible

CVE-2021-26309 3.3 - Low - May 11, 2021

Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had Insecure Permissions.

Exposure of Resource to Wrong Sphere

JetBrains TeamCity Plugin before 2020.2.85695 SSRF

CVE-2020-35667 7.5 - High - February 03, 2021

JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials.

XSPA

In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible

CVE-2021-25772 5.3 - Medium - February 03, 2021

In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration.

JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages.

CVE-2021-25773 6.1 - Medium - February 03, 2021

JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages.

XSS

In JetBrains TeamCity before 2020.2.1

CVE-2021-25774 4.3 - Medium - February 03, 2021

In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user.

AuthZ

In JetBrains TeamCity before 2020.2.1

CVE-2021-25775 3.8 - Low - February 03, 2021

In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users.

In JetBrains TeamCity before 2020.2

CVE-2021-25776 7.5 - High - February 03, 2021

In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters.

Insecure Storage of Sensitive Information

In JetBrains TeamCity before 2020.2.1

CVE-2021-25777 5.3 - Medium - February 03, 2021

In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly.

AuthZ

In JetBrains TeamCity before 2020.2.1

CVE-2021-25778 5.3 - Medium - February 03, 2021

In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly.

JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.

CVE-2020-27627 6.1 - Medium - November 16, 2020

JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.

Injection

In JetBrains TeamCity before 2020.1.5

CVE-2020-27628 4.3 - Medium - November 16, 2020

In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records.

In JetBrains TeamCity before 2020.1.5

CVE-2020-27629 5.3 - Medium - November 16, 2020

In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts.

In JetBrains TeamCity before 2020.1, users with the Modify Group permission

CVE-2020-15825 8.8 - High - August 08, 2020

In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.

Improper Privilege Management

In JetBrains TeamCity before 2020.1

CVE-2020-15826 4.3 - Medium - August 08, 2020

In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have.

AuthZ

In JetBrains TeamCity before 2020.1.1, project parameter values

CVE-2020-15828 6.5 - Medium - August 08, 2020

In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions.

Information Disclosure

In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed

CVE-2020-15829 5.3 - Medium - August 08, 2020

In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs.

Information Disclosure

JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI.

CVE-2020-15830 6.1 - Medium - August 08, 2020

JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI.

XSS

JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI.

CVE-2020-15831 6.1 - Medium - August 08, 2020

JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI.

XSS

In JetBrains TeamCity before 2019.1.4

CVE-2020-11686 2.7 - Low - April 22, 2020

In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings.

Information Disclosure

In JetBrains TeamCity before 2019.2.2

CVE-2020-11687 7.5 - High - April 22, 2020

In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.

Information Disclosure

In JetBrains TeamCity before 2019.2.1

CVE-2020-11688 7.5 - High - April 22, 2020

In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.

Insufficient Session Expiration

In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings

CVE-2020-11689 6.5 - Medium - April 22, 2020

In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.

Incorrect Default Permissions

In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project

CVE-2020-11938 4.9 - Medium - April 22, 2020

In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project. The issue was resolved in 2019.2.2.

Information Disclosure

In JetBrains TeamCity before 2019.1.5

CVE-2020-7908 4.3 - Medium - January 30, 2020

In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages.

Insufficiently Protected Credentials

In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown

CVE-2020-7909 7.5 - High - January 30, 2020

In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.

Insufficiently Protected Credentials

JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.

CVE-2020-7910 5.4 - Medium - January 30, 2020

JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.

XSS

In JetBrains TeamCity before 2019.2

CVE-2020-7911 6.1 - Medium - January 30, 2020

In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS.

XSS

In JetBrains TeamCity before 2019.1.4

CVE-2019-18365 4.3 - Medium - October 31, 2019

In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages.

In JetBrains TeamCity before 2019.1.2

CVE-2019-18366 5.3 - Medium - October 31, 2019

In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.

Incorrect Default Permissions

In JetBrains TeamCity before 2019.1.2

CVE-2019-18367 5.3 - Medium - October 31, 2019

In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.

Incorrect Default Permissions

In JetBrains TeamCity before 2019.1.2

CVE-2019-18363 5.3 - Medium - October 31, 2019

In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances.

Information Disclosure

In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially

CVE-2019-18364 9.8 - Critical - October 31, 2019

In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.

Marshaling, Unmarshaling

Server metadata could be exposed

CVE-2019-12156 5.3 - Medium - October 02, 2019

Server metadata could be exposed because one of the error messages reflected the whole response back to the client in JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 build 1293.

Generation of Error Message Containing Sensitive Information

In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure

CVE-2019-12157 9.8 - Critical - October 02, 2019

In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.

Improper Input Validation

An issue was discovered in JetBrains TeamCity 2018.2.4

CVE-2019-15036 7.2 - High - October 02, 2019

An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1.

Shell injection

An issue was discovered in JetBrains TeamCity 2018.2.4

CVE-2019-15037 6.1 - Medium - October 02, 2019

An issue was discovered in JetBrains TeamCity 2018.2.4. It had several XSS vulnerabilities on the settings pages. The issues were fixed in TeamCity 2019.1.

XSS

An issue was discovered in JetBrains TeamCity 2018.2.4

CVE-2019-15035 4.9 - Medium - October 01, 2019

An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1.

Information Disclosure

An issue was discovered in JetBrains TeamCity 2018.2.4

CVE-2019-15042 7.5 - High - October 01, 2019

An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1.

Improper Certificate Validation

An issue was discovered in JetBrains TeamCity 2018.2.4

CVE-2019-15038 7.5 - High - October 01, 2019

An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1.

An issue was discovered in JetBrains TeamCity 2018.2.4

CVE-2019-15039 9.8 - Critical - October 01, 2019

An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.

Directory traversal