Teamcity Security Vulnerabilities

CVE-2022-40979

In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable

CVE-2022-44622

In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive

CVE-2022-44623

In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings

CVE-2022-44624

In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters

CVE-2022-44646

In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings

CVE-2022-46830

In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.

CVE-2022-46831

In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.

CVE-2022-48342

In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.

CVE-2022-48343

In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.

CVE-2022-48344

In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.

CVE-2022-48426

In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible

CVE-2022-48427

In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was possible

CVE-2022-48428

In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible

CVE-2023-34218

In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible

CVE-2023-34219

In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API

CVE-2023-34220

In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible

CVE-2023-34221

In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible

CVE-2023-34222

In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible

CVE-2023-34223

In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases

CVE-2023-34224

In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible

CVE-2023-34225

In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible

CVE-2023-34226

In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible

CVE-2023-34227

In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks

CVE-2023-34228

In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions

CVE-2023-34229

In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible

CVE-2023-38061

In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible

CVE-2023-38062

In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations

CVE-2023-38063

In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible

CVE-2023-38064

In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log

CVE-2023-38065

In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible

CVE-2023-38066

In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads

CVE-2023-38067

In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log

CVE-2023-39173

In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access

CVE-2023-39174

In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers

CVE-2023-39175

In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible

CVE-2023-41248

In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration

CVE-2023-41249

In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step

CVE-2023-41250

In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration

CVE-2023-42793

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible

CVE-2023-43566

In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration

CVE-2023-50870

In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible

CVE-2024-23917

In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible

CVE-2024-24936

In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed

CVE-2024-24937

In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible

CVE-2024-24938

In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation

CVE-2024-24942

In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives

CVE-2024-27198

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible

CVE-2024-31135

In JetBrains TeamCity before 2024.03 open redirect was possible on the login page

CVE-2024-31137

In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration

CVE-2024-31138

In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings