Teamcity Security Vulnerabilities
In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection
5.3CVSS
4.6AI Score
0.0005EPSS
In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings
5.3CVSS
5.2AI Score
0.0005EPSS
In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific cases
6.5CVSS
6.9AI Score
0.0005EPSS
In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab
5.4CVSS
4.7AI Score
0.0004EPSS
In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page
4.8CVSS
6AI Score
0.0004EPSS
In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration
9.8CVSS
7AI Score
0.001EPSS
In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time
6.5CVSS
7AI Score
0.0005EPSS
In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection
7.5CVSS
7.2AI Score
0.001EPSS
In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions
7.8CVSS
7.3AI Score
0.0004EPSS
In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page
5.4CVSS
6AI Score
0.0004EPSS
In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin
5.4CVSS
6.1AI Score
0.0004EPSS
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page
6.1CVSS
6.2AI Score
0.0005EPSS
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin
5.4CVSS
6.1AI Score
0.0004EPSS