In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable
5.3CVSS
5.3AI Score
0.001EPSS
In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive
5.3CVSS
5.4AI Score
0.001EPSS
In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings
7.5CVSS
7.5AI Score
0.002EPSS
In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters
7.5CVSS
7.5AI Score
0.002EPSS
In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings
5.3CVSS
5.3AI Score
0.001EPSS
In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.
5.3CVSS
5.3AI Score
0.001EPSS
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.
6.6CVSS
5.1AI Score
0.001EPSS
9.8CVSS
9.4AI Score
0.002EPSS
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.
6.1CVSS
5.9AI Score
0.001EPSS
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.
6.1CVSS
5.9AI Score
0.001EPSS
In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible
5.4CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was possible
5.4CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible
5.4CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible
9.8CVSS
9.3AI Score
0.003EPSS
In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API
4.3CVSS
4.6AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible
5.4CVSS
5.2AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible
5.4CVSS
5.2AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible
6.1CVSS
5.9AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases
5.3CVSS
5.3AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible
4.8CVSS
5.2AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible
5.4CVSS
5.2AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible
6.1CVSS
5.9AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks
7.5CVSS
7.4AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions
6.5CVSS
6.6AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible
5.4CVSS
5AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible
5.4CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations
6.5CVSS
6.4AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible
5.4CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log
6.5CVSS
6.4AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible
5.4CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads
6.1CVSS
5.9AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log
6.5CVSS
6.4AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access
8.8CVSS
8.7AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers
7.5CVSS
7.5AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible
6.1CVSS
6AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration
5.4CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step
6.1CVSS
6AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration
6.1CVSS
6AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration
5.4CVSS
5.2AI Score
0.0005EPSS
8.8CVSS
8.6AI Score
0.001EPSS
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible
In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed
5.3CVSS
5.3AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible
5.4CVSS
5.2AI Score
0.0004EPSS
In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation
5.3CVSS
5.3AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives
5.3CVSS
5.3AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
6.1CVSS
6.8AI Score
0.0005EPSS
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration
6.8CVSS
6AI Score
0.0005EPSS
In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings
5.4CVSS
5.5AI Score
0.001EPSS