TeamCity Security Vulnerabilities - CVSS Score 9 - 10

CVE-2019-12157

In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.

9.8 CVSS

9.2 AI Score

0.002 EPSS

2019-10-02 07:15 PM
35

CVE-2019-15039

An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.

9.8 CVSS

9.6 AI Score

0.169 EPSS

2019-10-01 02:15 PM
94

CVE-2019-18364

In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.

9.8 CVSS

9.7 AI Score

0.013 EPSS

2019-10-31 03:15 PM
38

CVE-2021-31909

In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible.

9.8 CVSS

9.8 AI Score

0.007 EPSS

2021-05-11 12:15 PM
24
2

CVE-2021-31914

In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible.

9.8 CVSS

9.6 AI Score

0.005 EPSS

2021-05-11 01:15 PM
21
2

CVE-2021-31915

In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible.

9.8 CVSS

9.9 AI Score

0.007 EPSS

2021-05-11 01:15 PM
72
3

CVE-2021-37544

In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.

9.8 CVSS

9.4 AI Score

0.01 EPSS

2021-08-06 02:15 PM
35
2

CVE-2021-43193

In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.

9.8 CVSS

9.7 AI Score

0.006 EPSS

2021-11-09 03:15 PM
38

CVE-2021-43200

In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient.

9.8 CVSS

9.4 AI Score

0.002 EPSS

2021-11-09 03:15 PM
25

CVE-2021-43202

In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.

9.8 CVSS

9.4 AI Score

0.002 EPSS

2021-11-30 04:15 PM
24

CVE-2022-24331

In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.

9.8 CVSS

9.5 AI Score

0.002 EPSS

2022-02-25 03:15 PM
73

CVE-2022-24340

In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.

9.8 CVSS

9.4 AI Score

0.002 EPSS

2022-02-25 03:15 PM
65

CVE-2022-25263

JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration.

9.8 CVSS

9.7 AI Score

0.001 EPSS

2022-02-25 08:15 PM
62

CVE-2022-48342

In JetBrains TeamCity before 2022.10.2, jVMTI was enabled by default on agents.

9.8 CVSS

9.4 AI Score

0.002 EPSS

2023-02-23 04:15 PM
27

CVE-2023-34218

In JetBrains TeamCity before 2023.05, a bypass of permission checks allowing admin actions to be performed was possible.

9.8 CVSS

9.3 AI Score

0.003 EPSS

2023-05-31 02:15 PM
51

CVE-2023-42793

In JetBrains TeamCity before 2023.05.4, authentication bypass leading to RCE on TeamCity Server was possible.

9.8 CVSS

9.6 AI Score

0.971 EPSS

2023-09-19 05:15 PM
2802
In Wild

CVE-2024-23917

In JetBrains TeamCity before 2023.11.3, authentication bypass leading to RCE was possible.

9.8 CVSS

9.7 AI Score

0.05 EPSS

2024-02-06 10:15 AM
81
In Wild

CVE-2024-27198

In JetBrains TeamCity before 2023.11.4, an authentication bypass allowing admin actions to be performed was possible.

9.8 CVSS

9.6 AI Score

0.969 EPSS

2024-03-04 06:15 PM
191
In Wild

CVE-2024-41827

In JetBrains TeamCity before 2024.07, access tokens could continue working after deletion or expiration.

9.8 CVSS

7 AI Score

0.001 EPSS

2024-07-22 03:15 PM
30