226 matches found
CVE-2024-36362
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal allowing files to be read from the server was possible
CVE-2024-36366
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via certain report grouping and filtering operations
CVE-2024-39878
In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection
CVE-2024-41826
In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page
CVE-2024-56348
In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents
CVE-2019-18363
In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances.
CVE-2021-43196
In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible.
CVE-2024-35300
In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible
CVE-2024-36365
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a third-party agent could impersonate a cloud agent
CVE-2024-36369
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via issue tracker integration was possible
CVE-2025-46433
In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible
CVE-2019-15036
An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1.
CVE-2019-18365
In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages.
CVE-2019-18367
In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.
CVE-2020-27628
In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records.
CVE-2021-25772
In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration.
CVE-2023-34227
In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks
CVE-2024-36364
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible
CVE-2024-36470
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge cases
CVE-2024-41825
In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab
CVE-2024-41827
In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration
CVE-2024-56350
In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects
CVE-2024-56354
In JetBrains TeamCity before 2024.12 password field values were accessible to users with view settings permission
CVE-2024-56355
In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS
CVE-2014-10002
Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors.
CVE-2022-44622
In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive
CVE-2022-44646
In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings
CVE-2022-48342
In JetBrains TeamCity before 2022.10.2 JVMTI was enabled by default on agents.
CVE-2023-39173
In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access
CVE-2023-39175
In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible
CVE-2024-36363
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several Stored XSS in code inspection reports were possible
CVE-2024-36376
In JetBrains TeamCity before 2024.03.2 users could perform actions that should not be available to them based on their permissions
CVE-2024-36378
In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens
CVE-2024-41824
In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific cases
CVE-2024-43810
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin
CVE-2024-56356
In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack
CVE-2020-11938
In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project. The issue was resolved in 2019.2.2.
CVE-2021-25775
In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users.
CVE-2021-31908
In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages.
CVE-2021-31909
In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible.
CVE-2023-34224
In JetBrains TeamCity before 2023.05 open redirect during OAuth configuration was possible
CVE-2024-35301
In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token
CVE-2024-36373
In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible
CVE-2024-41828
In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time
CVE-2024-43809
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page
CVE-2019-18366
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.
CVE-2021-25773
JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages.
CVE-2021-26310
In the TeamCity IntelliJ plugin before 2020.2.2.85899, DoS was possible.
CVE-2021-3315
In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible.
CVE-2024-36375
In JetBrains TeamCity before 2024.03.2 technical information regarding TeamCity server could be exposed