Teamcity Security Vulnerabilities
In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user...
6.5CVSS
7.2AI Score
0.0004EPSS
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge...
8.1CVSS
7.1AI Score
0.0004EPSS
In JetBrains TeamCity before 2024.03.2 technical information regarding TeamCity server could be...
5.3CVSS
6.5AI Score
0.0004EPSS
In JetBrains TeamCity before 2024.03.2 users could perform actions that should not be available to them based on their...
6.5CVSS
6.7AI Score
0.0004EPSS
In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth...
5.9CVSS
6.8AI Score
0.0004EPSS
In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was...
4.6CVSS
5.7AI Score
0.0004EPSS
In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was...
4.6CVSS
6AI Score
0.0004EPSS
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was...
4.6CVSS
5.5AI Score
0.0004EPSS
In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were...
4.6CVSS
5.8AI Score
0.0004EPSS
4.6CVSS
5.5AI Score
0.0004EPSS
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via certain report grouping and filtering...
5.4CVSS
6AI Score
0.0004EPSS
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 reflected XSS via OAuth provider configuration was...
4.6CVSS
5.8AI Score
0.0004EPSS
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via third-party reports was...
4.6CVSS
5.6AI Score
0.0004EPSS
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via issue tracker integration was...
4.6CVSS
5.5AI Score
0.0004EPSS
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was...
6.5CVSS
6.8AI Score
0.0004EPSS
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a third-party agent could impersonate a cloud...
6.8CVSS
6.8AI Score
0.0004EPSS
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal allowing to read files from server was...
6.5CVSS
6.6AI Score
0.0004EPSS
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several Stored XSS in code inspection reports were...
4.6CVSS
6AI Score
0.0004EPSS
5.4CVSS
5.8AI Score
0.0004EPSS
In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were...
3.5CVSS
5.8AI Score
0.0004EPSS
In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App...
5.5CVSS
6.8AI Score
0.0004EPSS
5.9CVSS
6.8AI Score
0.0004EPSS
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing...
4.1CVSS
7AI Score
0.0004EPSS
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection...
6.8CVSS
6AI Score
0.0005EPSS
6.1CVSS
6.8AI Score
0.0005EPSS
5.4CVSS
5.5AI Score
0.001EPSS
In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL...
7.4CVSS
6.8AI Score
0.0004EPSS
In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was...
6.5CVSS
6.7AI Score
0.0004EPSS
In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent...
4.2CVSS
6.8AI Score
0.0004EPSS
In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be...
4.3CVSS
4.7AI Score
0.0004EPSS
In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized...
5.8CVSS
5.7AI Score
0.0004EPSS
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was...
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was...
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR...
5.3CVSS
5.3AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL...
5.3CVSS
5.3AI Score
0.0005EPSS
5.4CVSS
5.2AI Score
0.0004EPSS
In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was...
5.3CVSS
5.3AI Score
0.0005EPSS
8.8CVSS
8.6AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was...
5.4CVSS
5.2AI Score
0.0004EPSS
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build...
6.1CVSS
6AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles...
5.4CVSS
5.2AI Score
0.0004EPSS
6.1CVSS
6AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account...
8.8CVSS
8.7AI Score
0.001EPSS
6.1CVSS
6AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue...
7.5CVSS
7.5AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build...
6.5CVSS
6.4AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was...
5.4CVSS
5.2AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact...
6.1CVSS
5.9AI Score
0.001EPSS