5.4CVSS
6.1AI Score
In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were...
3.5CVSS
6.2AI Score
In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App...
5.5CVSS
7.5AI Score
5.9CVSS
7.4AI Score
0.0004EPSS
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing...
4.1CVSS
7.5AI Score
0.0004EPSS
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection...
6.1CVSS
6.4AI Score
0.0005EPSS
6.1CVSS
7.4AI Score
0.0005EPSS
5.4CVSS
7.4AI Score
0.001EPSS
In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL...
7.4CVSS
7.3AI Score
0.0004EPSS
In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was...
6.5CVSS
7.2AI Score
0.0004EPSS
In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent...
4.2CVSS
7.3AI Score
0.0004EPSS
In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be...
4.3CVSS
7.4AI Score
0.0004EPSS
In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized...
5.8CVSS
7.4AI Score
0.0004EPSS
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was...
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was...
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR...
5.3CVSS
7.4AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL...
5.3CVSS
7.4AI Score
0.0005EPSS
5.4CVSS
5.9AI Score
0.0004EPSS
In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was...
5.3CVSS
7.4AI Score
0.0005EPSS
8.8CVSS
7.4AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was...
5.4CVSS
5.9AI Score
0.0004EPSS
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build...
6.1CVSS
6AI Score
0.0005EPSS
6.1CVSS
6AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles...
5.4CVSS
5.2AI Score
0.0004EPSS
6.1CVSS
6AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account...
8.8CVSS
8.7AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue...
7.5CVSS
7.5AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was...
5.4CVSS
5.2AI Score
0.0004EPSS
In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent...
6.5CVSS
6.4AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build...
6.5CVSS
6.4AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact...
6.1CVSS
5.9AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was...
5.4CVSS
5.2AI Score
0.0004EPSS
In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent...
6.5CVSS
6.4AI Score
0.0005EPSS
5.4CVSS
5.2AI Score
0.0004EPSS
JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated...
6.5CVSS
7.3AI Score
0.0005EPSS
5.4CVSS
5.2AI Score
0.0004EPSS
In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was...
4.8CVSS
5.1AI Score
0.0005EPSS
5.4CVSS
5.2AI Score
0.0004EPSS
In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some...
5.3CVSS
5.3AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account...
6.5CVSS
6.6AI Score
0.0004EPSS
In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST...
4.3CVSS
4.6AI Score
0.0004EPSS
In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was...
9.8CVSS
9.3AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was...
5.4CVSS
5.2AI Score
0.0004EPSS
5.4CVSS
5AI Score
0.0004EPSS
In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was...
6.1CVSS
6AI Score
0.0005EPSS
6.1CVSS
5.9AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force...
7.5CVSS
7.4AI Score
0.001EPSS
In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was...
5.4CVSS
5.2AI Score
0.001EPSS