JetBrains TeamCity > 2023.11.3 - Authentication Bypass

In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible id: CVE-2024-23917 info: name: JetBrains TeamCity 2023.11.3 - Authentication Bypass author: iamnoooob,rootxharsh,pdresearch severity: critical description: | In JetBrains TeamCity before 2023.11.3...

TeamCity < 2023.11.4 - Authentication Bypass

In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible id: CVE-2024-27199 info: name: TeamCity 2023.11.4 - Authentication Bypass author: DhiyaneshDk severity: high description: | In JetBrains TeamCity before 2023.11.4 path traversal allowing t...

JetBrains TeamCity < 2023.05.4 - Remote Code Execution

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible id: CVE-2023-42793 info: name: JetBrains TeamCity 2023.05.4 - Remote Code Execution author: iamnoooob,rootxharsh,pdresearch severity: critical description: | In JetBrains TeamCity before...

TeamCity < 2023.11.4 - Authentication Bypass

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible id: CVE-2024-27198 info: name: TeamCity 2023.11.4 - Authentication Bypass author: DhiyaneshDk severity: critical description: | In JetBrains TeamCity before 2023.11.4 authentication bypass...

CVE-2026-49381

In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible...

CVE-2026-49380

In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible...

CVE-2026-49376

In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin...

CVE-2026-49378

In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion...

CVE-2026-49375

In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page...

CVE-2026-49379

In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names...

CVE-2026-49377

In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters...

CVE-2026-49374

In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters...

CVE-2026-49371

In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible...

CVE-2026-49372

In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible...

CVE-2026-49373

In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings...

CVE-2026-44413

In JetBrains TeamCity before 2026.1 2025.11.5 authenticated users could expose server API to unauthorised access...

JetBrains TeamCity < 2025.11.2 Sensitive Data Exposure (CVE-2026-49377)

The version of JetBrains TeamCity installed on the remote host is prior to 2025.11.2. It is, therefore, affected by a vulnerability: - In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters CVE-2026-49377 Note that Nessus has not tested for this issue but h...

JetBrains TeamCity < 2026.1 Multiple Vulnerabilities

The version of JetBrains TeamCity installed on the remote host is prior to 2026.1. It is, therefore, affected by multiple vulnerabilities: - In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings CVE-2026-49373 - In JetBrains TeamCity before 2026.1...

JetBrains TeamCity < 2026.1.1 Reflected XSS (CVE-2026-49371)

The version of JetBrains TeamCity installed on the remote host is prior to 2026.1.1. It is, therefore, affected by a vulnerability: - In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible CVE-2026-49371 Note that Nessus has not tested for this issue but has instea...

JetBrains TeamCity < 2025.11.5 Multiple Vulnerabilities

The version of JetBrains TeamCity installed on the remote host is prior to 2025.11.5. It is, therefore, affected by multiple vulnerabilities: - In JetBrains TeamCity before 2026.1, 2025.11.5 authenticated users could expose server API to unauthorised access CVE-2026-44413 - In JetBrains TeamCity...