Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors.
6.3AI Score
0.002EPSS
The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3.
5.3CVSS
5.3AI Score
0.001EPSS
In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances.
5.3CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.
5.3CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.
5.3CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs.
5.3CVSS
5.4AI Score
0.001EPSS
In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be left unmasked in depending builds when there are no internal artifacts.
5.3CVSS
5.3AI Score
0.001EPSS
JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.
5.4CVSS
5.1AI Score
0.001EPSS
In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration.
5.3CVSS
5.3AI Score
0.001EPSS
In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly.
5.3CVSS
5.4AI Score
0.001EPSS
In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly.
5.3CVSS
5.3AI Score
0.001EPSS
In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly.
5.3CVSS
5.4AI Score
0.001EPSS
5.4CVSS
5.2AI Score
0.001EPSS
5.4CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used.
5.3CVSS
5.3AI Score
0.001EPSS
In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made.
5.3CVSS
5.3AI Score
0.001EPSS
5.3CVSS
5.3AI Score
0.001EPSS
5.3CVSS
5.3AI Score
0.001EPSS
5.4CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient.
5.3CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project.
5.3CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.
5.3CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server.
5.3CVSS
5.3AI Score
0.001EPSS
In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.
5.3CVSS
5.3AI Score
0.001EPSS
5.4CVSS
5.4AI Score
0.001EPSS
In JetBrains TeamCity before 2022.04.3, the private SSH key could be written to the server log in some cases.
5.3CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2022.04.4, environment variables of "password" type could be logged when using a custom Perforce executable.
5.3CVSS
5.3AI Score
0.001EPSS
In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive
5.3CVSS
5.4AI Score
0.001EPSS
In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings
5.3CVSS
5.3AI Score
0.001EPSS
In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.
5.3CVSS
5.3AI Score
0.001EPSS
In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible
5.4CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was possible
5.4CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible
5.4CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible
5.4CVSS
5.2AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible
5.4CVSS
5.2AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases
5.3CVSS
5.3AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible
5.4CVSS
5.2AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible
5.4CVSS
5AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible
5.4CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible
5.4CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible
5.4CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration
5.4CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration
5.4CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2023.11.2, access control at the S3 Artifact Storage plugin endpoint was missing.
5.3CVSS
5.3AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible
5.4CVSS
5.2AI Score
0.0004EPSS
In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation
5.3CVSS
5.3AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives
5.3CVSS
5.3AI Score
0.0005EPSS
In JetBrains TeamCity before 2024.03, XSS was possible via Agent Distribution settings.
5.4CVSS
5.5AI Score
0.001EPSS
In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection
5.3CVSS
4.6AI Score
0.0005EPSS
In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings
5.3CVSS
5.2AI Score
0.0005EPSS