Teamcity Security Vulnerabilities and Issues — Page 2 of Teamcity CVE List

Lucene search

JetbrainsTeamcity

226 matches found

CVE•added 2022/07/20 1:15 p.m.•54 views

CVE-2022-36321

In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases

6.5CVSS6.4AI score0.00007EPSS

CVE•added 2025/03/27 12:15 p.m.•54 views

CVE-2025-31139

In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log

6.5CVSS4.8AI score0.00001EPSS

CVE•added 2020/08/08 9:15 p.m.•53 views

CVE-2020-15825

In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.

8.8CVSS8.6AI score0.00006EPSS

CVE•added 2020/08/08 9:15 p.m.•53 views

CVE-2020-15826

In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have.

4.3CVSS4.6AI score0.00002EPSS

CVE•added 2024/02/06 10:15 a.m.•53 views

CVE-2024-24942

In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives

5.3CVSS5.3AI score0.00094EPSS

CVE•added 2021/02/03 4:15 p.m.•52 views

CVE-2021-25774

In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user.

4.3CVSS4.6AI score0.00002EPSS

CVE•added 2024/12/20 3:15 p.m.•52 views

CVE-2024-56351

In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles

8.8CVSS7AI score0.0006EPSS

CVE•added 2021/05/11 12:15 p.m.•51 views

CVE-2021-31906

In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file.

4CVSS4.1AI score0.00002EPSS

CVE•added 2021/05/11 1:15 p.m.•51 views

CVE-2021-31912

In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset.

8.8CVSS8.7AI score0.00006EPSS

CVE•added 2021/08/06 2:15 p.m.•51 views

CVE-2021-37547

In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made.

5.3CVSS5.3AI score0.00004EPSS

CVE•added 2023/02/23 4:15 p.m.•51 views

CVE-2022-48343

In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.

6.1CVSS5.9AI score0.05024EPSS

CVE•added 2023/03/27 4:15 p.m.•51 views

CVE-2022-48426

In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible

5.4CVSS5.2AI score0.00094EPSS

CVE•added 2024/03/28 3:15 p.m.•51 views

CVE-2024-31135

In JetBrains TeamCity before 2024.03 open redirect was possible on the login page

6.1CVSS6.8AI score0.00151EPSS

CVE•added 2024/03/28 3:15 p.m.•51 views

CVE-2024-31136

In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter

7.4CVSS6.8AI score0.00004EPSS

CVE•added 2020/08/08 9:15 p.m.•50 views

CVE-2020-15829

In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs.

5.3CVSS5.4AI score0.00003EPSS

CVE•added 2020/08/08 9:15 p.m.•50 views

CVE-2020-15831

JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI.

6.1CVSS5.9AI score0.00007EPSS

CVE•added 2022/12/08 6:15 p.m.•50 views

CVE-2022-46830

In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.

5.3CVSS5.3AI score0.00003EPSS

CVE•added 2022/12/08 6:15 p.m.•50 views

CVE-2022-46831

In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.

6.6CVSS5.1AI score0.00003EPSS

CVE•added 2025/01/21 6:15 p.m.•50 views

CVE-2025-24461

In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint

6.5CVSS7AI score0.00001EPSS

CVE•added 2025/02/11 2:15 p.m.•50 views

CVE-2025-26492

In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources

9.1CVSS7.5AI score0.00001EPSS

CVE•added 2025/04/25 3:15 p.m.•50 views

CVE-2025-46618

In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab

6.1CVSS6AI score0.00027EPSS

CVE•added 2019/10/31 3:15 p.m.•49 views

CVE-2019-18364

In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.

9.8CVSS9.7AI score0.00048EPSS

CVE•added 2020/08/08 9:15 p.m.•49 views

CVE-2020-15830

JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI.

6.1CVSS5.9AI score0.00006EPSS

CVE•added 2021/08/06 2:15 p.m.•49 views

CVE-2021-37544

In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.

9.8CVSS9.4AI score0.00015EPSS

CVE•added 2022/09/23 11:15 a.m.•49 views

CVE-2022-40979

In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable

5.3CVSS5.3AI score0.00005EPSS

CVE•added 2023/09/19 5:15 p.m.•49 views

CVE-2023-43566

In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration

5.4CVSS5.2AI score0.00099EPSS

CVE•added 2024/12/20 3:15 p.m.•49 views

CVE-2024-56352

In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page

5.4CVSS5.9AI score0.13381EPSS

CVE•added 2021/02/03 4:15 p.m.•48 views

CVE-2020-35667

JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials.

7.5CVSS7.4AI score0.00004EPSS

CVE•added 2021/05/11 12:15 p.m.•48 views

CVE-2021-26309

Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had Insecure Permissions.

3.3CVSS3.9AI score0.00001EPSS

CVE•added 2021/08/06 2:15 p.m.•48 views

CVE-2021-37542

In JetBrains TeamCity before 2020.2.3, XSS was possible.

6.1CVSS5.9AI score0.00012EPSS

CVE•added 2021/08/06 2:15 p.m.•48 views

CVE-2021-37546

In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used.

5.3CVSS5.3AI score0.00003EPSS

CVE•added 2021/11/09 3:15 p.m.•48 views

CVE-2021-43193

In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.

9.8CVSS9.7AI score0.00017EPSS

CVE•added 2024/03/06 5:15 p.m.•48 views

CVE-2024-28173

In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed

4.3CVSS4.7AI score0.00005EPSS

CVE•added 2024/03/21 2:15 p.m.•48 views

CVE-2024-29880

In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process

7.8CVSS6.8AI score0.00002EPSS

CVE•added 2024/03/28 3:15 p.m.•48 views

CVE-2024-31134

In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled

6.5CVSS6.7AI score0.00007EPSS

CVE•added 2024/05/16 11:15 a.m.•48 views

CVE-2024-35302

In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible

6.1CVSS5.8AI score0.28951EPSS

CVE•added 2025/01/21 6:15 p.m.•48 views

CVE-2025-24459

In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page

6.1CVSS6.2AI score0.01355EPSS

CVE•added 2025/03/27 12:15 p.m.•48 views

CVE-2025-31140

In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page

6.1CVSS6AI score0.00101EPSS

CVE•added 2025/03/27 12:15 p.m.•48 views

CVE-2025-31141

In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page

7.5CVSS6.9AI score0.00001EPSS

CVE•added 2021/08/06 2:15 p.m.•47 views

CVE-2021-37548

In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS.

7.5CVSS7.4AI score0.00003EPSS

CVE•added 2022/08/10 4:15 p.m.•47 views

CVE-2022-38133

In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases

5.3CVSS5.2AI score0.00002EPSS

CVE•added 2023/02/23 4:15 p.m.•47 views

CVE-2022-48344

In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.

6.1CVSS5.9AI score0.00088EPSS

CVE•added 2024/03/06 5:15 p.m.•47 views

CVE-2024-28174

In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly

5.8CVSS5.7AI score0.0001EPSS

CVE•added 2025/02/11 2:15 p.m.•47 views

CVE-2025-26493

In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab

6.1CVSS4.7AI score0.02817EPSS

CVE•added 2025/04/25 3:15 p.m.•47 views

CVE-2025-46432

In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs

6.5CVSS7.2AI score0.00002EPSS

CVE•added 2020/01/30 6:15 p.m.•46 views

CVE-2020-7908

In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages.

4.3CVSS4.7AI score0.00002EPSS

CVE•added 2020/01/30 6:15 p.m.•46 views

CVE-2020-7911

In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS.

6.1CVSS6.2AI score0.00007EPSS

CVE•added 2022/07/20 1:15 p.m.•46 views

CVE-2022-36322

In JetBrains TeamCity before 2022.04.2 build parameter injection was possible

8.8CVSS8.8AI score0.00005EPSS

CVE•added 2023/03/27 5:15 p.m.•46 views

CVE-2022-48428

In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible

5.4CVSS5.2AI score0.07231EPSS

CVE•added 2024/03/28 3:15 p.m.•46 views

CVE-2024-31140

In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools

4.9CVSS7AI score0.0001EPSS

Total number of security vulnerabilities226