Teamcity Security Vulnerabilities

CVE-2024-35302

In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was...

CVE-2024-35300

In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were...

CVE-2024-35301

In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App...

CVE-2024-31139

In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps...

CVE-2024-31140

In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing...

CVE-2024-31137

In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection...

CVE-2024-31135

In JetBrains TeamCity before 2024.03 open redirect was possible on the login...

CVE-2024-31138

In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution...

CVE-2024-31136

In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL...

CVE-2024-31134

In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was...

CVE-2024-29880

In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent...

CVE-2024-28173

In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be...

CVE-2024-28174

In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized...

CVE-2024-27198

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was...

CVE-2024-27199

In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was...

CVE-2024-24942

In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR...

CVE-2024-24938

In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL...

CVE-2024-24937

In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was...

CVE-2024-23917

In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was...

CVE-2024-24936

In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was...

CVE-2023-50870

In JetBrains TeamCity before 2023.11.1 a CSRF on login was...

CVE-2023-42793

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was...

CVE-2023-43566

In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes...

CVE-2023-41249

In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build...

CVE-2023-41250

In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user...

CVE-2023-41248

In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles...

CVE-2023-39175

In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was...

CVE-2023-39173

In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account...

CVE-2023-39174

In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue...

CVE-2023-38065

In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was...

CVE-2023-38067

In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent...

CVE-2023-38062

In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build...

CVE-2023-38066

In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact...

CVE-2023-38063

In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was...

CVE-2023-38064

In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent...

CVE-2023-38061

In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was...

CVE-2015-1313

JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated...

CVE-2023-34225

In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was...

CVE-2023-34224

In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was...

CVE-2023-34221

In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was...

CVE-2023-34223

In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some...

CVE-2023-34228

In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account...

CVE-2023-34219

In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST...

CVE-2023-34218

In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was...

CVE-2023-34220

In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was...

CVE-2023-34229

In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was...

CVE-2023-34226

In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was...

CVE-2023-34222

In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was...

CVE-2023-34227

In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force...

CVE-2022-48427

In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was...