Teamcity Security Vulnerabilities - 2023
JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.
6.5CVSS
6.4AI Score
0.001EPSS
9.8CVSS
9.4AI Score
0.002EPSS
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.
6.1CVSS
5.9AI Score
0.001EPSS
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.
6.1CVSS
5.9AI Score
0.001EPSS
In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible
5.4CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was possible
5.4CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible
5.4CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible
9.8CVSS
9.3AI Score
0.003EPSS
In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API
4.3CVSS
4.6AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible
5.4CVSS
5.2AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible
5.4CVSS
5.2AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible
6.1CVSS
5.9AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases
5.3CVSS
5.3AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible
4.8CVSS
5.2AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible
5.4CVSS
5.2AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible
6.1CVSS
5.9AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks
7.5CVSS
7.4AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions
6.5CVSS
6.6AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible
5.4CVSS
5AI Score
0.0005EPSS
In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible
5.4CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations
6.5CVSS
6.4AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible
5.4CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log
6.5CVSS
6.4AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible
5.4CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads
6.1CVSS
5.9AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log
6.5CVSS
6.4AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access
8.8CVSS
8.7AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers
7.5CVSS
7.5AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible
6.1CVSS
6AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration
5.4CVSS
5.2AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step
6.1CVSS
6AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration
6.1CVSS
6AI Score
0.001EPSS
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration
5.4CVSS
5.2AI Score
0.0005EPSS
8.8CVSS
8.6AI Score
0.001EPSS