Teamcity Security Vulnerabilities
In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build...
6.5CVSS
6.4AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was...
5.4CVSS
5.2AI Score
0.0004EPSS
In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent...
6.5CVSS
6.4AI Score
0.0005EPSS
5.4CVSS
5.2AI Score
0.0004EPSS
JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated...
6.5CVSS
7.3AI Score
0.001EPSS
5.4CVSS
5.2AI Score
0.0004EPSS
In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was...
4.8CVSS
5.1AI Score
0.0005EPSS
5.4CVSS
5.2AI Score
0.0004EPSS
In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some...
5.3CVSS
5.3AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account...
6.5CVSS
6.6AI Score
0.0004EPSS
In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST...
4.3CVSS
4.6AI Score
0.0004EPSS
In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was...
9.8CVSS
9.3AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was...
5.4CVSS
5.2AI Score
0.0004EPSS
5.4CVSS
5AI Score
0.0004EPSS
In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was...
6.1CVSS
6AI Score
0.0005EPSS
6.1CVSS
5.9AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force...
7.5CVSS
7.4AI Score
0.001EPSS
5.4CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was...
5.4CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was...
5.4CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation...
6.1CVSS
5.9AI Score
0.001EPSS
9.8CVSS
9.3AI Score
0.001EPSS
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation...
6.1CVSS
5.9AI Score
0.001EPSS
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system...
4.9CVSS
5.1AI Score
0.001EPSS
In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port...
5.3CVSS
5.3AI Score
0.001EPSS
In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were...
5.3CVSS
5.5AI Score
0.001EPSS
In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's...
5.3CVSS
5.4AI Score
0.001EPSS
In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner...
7.5CVSS
7.5AI Score
0.002EPSS
In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special...
7.5CVSS
7.5AI Score
0.002EPSS
In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce...
5.3CVSS
5.3AI Score
0.001EPSS
In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some...
5.3CVSS
5.3AI Score
0.001EPSS
In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some...
6.5CVSS
6.4AI Score
0.001EPSS
8.8CVSS
8.8AI Score
0.001EPSS
6.1CVSS
5.9AI Score
0.001EPSS
In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was...
6.1CVSS
6AI Score
0.001EPSS
4.9CVSS
5.1AI Score
0.001EPSS
6.1CVSS
6.2AI Score
0.001EPSS
JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature...
9.8CVSS
9.6AI Score
0.001EPSS
In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some...
7.5CVSS
7.5AI Score
0.002EPSS
5.4CVSS
5.4AI Score
0.001EPSS
6.1CVSS
6.2AI Score
0.001EPSS
JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via...
8.1CVSS
7.9AI Score
0.002EPSS
In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate...
6.5CVSS
6.4AI Score
0.001EPSS
9.8CVSS
9.4AI Score
0.002EPSS
In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity...
5.3CVSS
5.3AI Score
0.001EPSS
6.1CVSS
6.1AI Score
0.001EPSS
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me...
5.3CVSS
5.3AI Score
0.001EPSS
6.5CVSS
6.5AI Score
0.001EPSS
In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the...
5.3CVSS
5.3AI Score
0.001EPSS
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited...
7.5CVSS
7.5AI Score
0.001EPSS