Teamcity Security Vulnerabilities

CVE-2022-24342

In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was...

CVE-2022-24331

In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was...

CVE-2022-24330

In JetBrains TeamCity before 2021.2.1, a redirection to an external site was...

CVE-2021-43202

In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some...

CVE-2021-43201

In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted...

CVE-2021-43195

In JetBrains TeamCity before 2021.1.2, some HTTP security headers were...

CVE-2021-43193

In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is...

CVE-2021-43199

In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are...

CVE-2021-43194

In JetBrains TeamCity before 2021.1.2, user enumeration was...

CVE-2021-43196

In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is...

CVE-2021-43197

In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for...

CVE-2021-43198

In JetBrains TeamCity before 2021.1.2, stored XSS is...

CVE-2021-43200

In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were...

CVE-2021-37545

In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were...

CVE-2021-37544

In JetBrains TeamCity before 2020.2.4, there was an insecure...

CVE-2021-37547

In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were...

CVE-2021-37548

In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in...

CVE-2021-37542

In JetBrains TeamCity before 2020.2.3, XSS was...

CVE-2021-37546

In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was...

CVE-2021-31912

In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password...

CVE-2021-31913

In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token...

CVE-2021-31914

In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was...

CVE-2021-31915

In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was...

CVE-2021-31910

In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was...

CVE-2021-31911

In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several...

CVE-2021-31907

In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented...

CVE-2021-3315

In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was...

CVE-2021-31908

In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several...

CVE-2021-31909

In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was...

CVE-2021-26310

In the TeamCity IntelliJ plugin before 2020.2.2.85899, DoS was...

CVE-2021-31904

In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history...

CVE-2021-26309

Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had Insecure...

CVE-2021-31906

In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a...

CVE-2021-25772

In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server...

CVE-2021-25774

In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another...

CVE-2021-25773

JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several...

CVE-2021-25777

In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked...

CVE-2021-25775

In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other...

CVE-2021-25776

In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's...

CVE-2021-25778

In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked...

CVE-2020-35667

JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user...

CVE-2020-27627

JetBrains TeamCity before 2020.1.2 was vulnerable to URL...

CVE-2020-27628

In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit...

CVE-2020-27629

In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal...

CVE-2020-15829

In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build...

CVE-2020-15826

In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they...

CVE-2020-15828

In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate...

CVE-2020-15825

In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users'...

CVE-2020-15830

JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration...

CVE-2020-15831

JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration...