TeamCity Security Vulnerabilities - CVSS Score 5 - 6

CVE-2014-10002

Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors.

AI Score: 6.3 | EPSS: 0.002

2015-01-13 11:59 AM

CVE-2019-12845

The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3.

CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001

2019-07-03 08:15 PM

CVE-2019-18363

In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances.

CVSS: 5.3 | AI Score: 5.2 | EPSS: 0.001

2019-10-31 03:15 PM

CVE-2019-18366

In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.

CVSS: 5.3 | AI Score: 5.2 | EPSS: 0.001

2019-10-31 04:15 PM

CVE-2019-18367

In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.

CVSS: 5.3 | AI Score: 5.2 | EPSS: 0.001

2019-10-31 04:15 PM

CVE-2020-15829

In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs.

CVSS: 5.3 | AI Score: 5.4 | EPSS: 0.001

2020-08-08 09:15 PM

CVE-2020-27629

In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts.

CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001

2020-11-16 03:15 PM

CVE-2020-7910

JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.

CVSS: 5.4 | AI Score: 5.1 | EPSS: 0.001

2020-01-30 06:15 PM

CVE-2021-25772

In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration.

CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001

2021-02-03 04:15 PM

CVE-2021-25777

In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly.

CVSS: 5.3 | AI Score: 5.4 | EPSS: 0.001

2021-02-03 04:15 PM

CVE-2021-25778

In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly.

CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001

2021-02-03 04:15 PM

CVE-2021-31907

In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly.

CVSS: 5.3 | AI Score: 5.4 | EPSS: 0.001

2021-05-11 12:15 PM

CVE-2021-31908

In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages.

CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.001

2021-05-11 12:15 PM

CVE-2021-3315

In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible.

CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.001

2021-05-11 12:15 PM

CVE-2021-37546

In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used.

CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001

2021-08-06 02:15 PM

CVE-2021-37547

In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made.

CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001

2021-08-06 02:15 PM

CVE-2021-43194

In JetBrains TeamCity before 2021.1.2, user enumeration was possible.

CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001

2021-11-09 03:15 PM

CVE-2021-43195

In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing.

CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001

2021-11-09 03:15 PM

CVE-2021-43198

In JetBrains TeamCity before 2021.1.2, stored XSS is possible.

CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.001

2021-11-09 03:15 PM

CVE-2021-43199

In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient.

CVSS: 5.3 | AI Score: 5.2 | EPSS: 0.001

2021-11-09 03:15 PM

CVE-2021-43201

In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project.

CVSS: 5.3 | AI Score: 5.2 | EPSS: 0.001

2021-11-09 03:15 PM

CVE-2022-24332

In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.

CVSS: 5.3 | AI Score: 5.2 | EPSS: 0.001

2022-02-25 03:15 PM

CVE-2022-24334

In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server.

CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001

2022-02-25 03:15 PM

CVE-2022-24336

In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.

CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001

2022-02-25 03:15 PM

CVE-2022-24339

JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.

CVSS: 5.4 | AI Score: 5.4 | EPSS: 0.001

2022-02-25 03:15 PM

CVE-2022-38133

In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases

CVSS: 5.3 | AI Score: 5.2 | EPSS: 0.001

2022-08-10 04:15 PM

CVE-2022-40979

In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable

CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001

2022-09-23 11:15 AM

CVE-2022-44622

In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive

CVSS: 5.3 | AI Score: 5.4 | EPSS: 0.001

2022-11-03 02:15 PM

CVE-2022-44646

In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings

CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001

2022-11-03 02:15 PM

CVE-2022-46830

In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.

CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001

2022-12-08 06:15 PM

CVE-2022-48426

In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible

CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.001

2023-03-27 04:15 PM

CVE-2022-48427

In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was possible

CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.001

2023-03-27 05:15 PM

CVE-2022-48428

In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible

CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.001

2023-03-27 05:15 PM

CVE-2023-34220

In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible

CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.0005

2023-05-31 02:15 PM

CVE-2023-34221

In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible

CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.0005

2023-05-31 02:15 PM

CVE-2023-34223

In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases

CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.0005

2023-05-31 02:15 PM

CVE-2023-34225

In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible

CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.0005

2023-05-31 02:15 PM

CVE-2023-34229

In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible

CVSS: 5.4 | AI Score: 5 | EPSS: 0.0005

2023-05-31 02:15 PM

CVE-2023-38061

In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible

CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.001

2023-07-12 01:15 PM

CVE-2023-38063

In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible

CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.001

2023-07-12 01:15 PM

CVE-2023-38065

In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible

CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.001

2023-07-12 01:15 PM

CVE-2023-41248

In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration

CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.001

2023-08-25 01:15 PM

CVE-2023-43566

In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration

CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.001

2023-09-19 05:15 PM

CVE-2024-24936

In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed

CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.0005

2024-02-06 10:15 AM

CVE-2024-24937

In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible

CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.0004

2024-02-06 10:15 AM

CVE-2024-24938

In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation

CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.0005

2024-02-06 10:15 AM

CVE-2024-24942

In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives

CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.0005

2024-02-06 10:15 AM

CVE-2024-31138

In JetBrains TeamCity before 2024.03 XSS was possible via Agent Distribution settings

CVSS: 5.4 | AI Score: 5.5 | EPSS: 0.001

2024-03-28 03:15 PM

CVE-2024-39878

In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection

CVSS: 5.3 | AI Score: 4.6 | EPSS: 0.0005

2024-07-01 05:15 PM

CVE-2024-39879

In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings

CVSS: 5.3 | AI Score: 5.2 | EPSS: 0.0005

2024-07-01 05:15 PM

Total number of security vulnerabilities: 54