226 matches found
CVE-2024-56353
In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies
CVE-2020-11688
In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.
CVE-2020-11689
In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.
CVE-2020-7910
JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.
CVE-2021-25778
In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly.
CVE-2021-43197
In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS.
CVE-2022-44623
In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings
CVE-2022-44624
In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters
CVE-2024-36367
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via third-party reports was possible
CVE-2024-36371
In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possible
CVE-2024-56349
In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs
CVE-2020-11687
In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.
CVE-2020-27627
JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.
CVE-2021-31911
In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages.
CVE-2021-43195
In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing.
CVE-2024-24936
In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missing
CVE-2024-36372
In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible
CVE-2024-43807
In JetBrains TeamCity before 2024.07.1 multiple stored XSS were possible on the Clouds page
CVE-2024-47948
In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups
CVE-2024-47950
In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings
CVE-2025-24460
In JetBrains TeamCity before 2024.12.1 improper access control allowed viewing Projects’ names in the agent pool
CVE-2020-11686
In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings.
CVE-2021-25776
In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters.
CVE-2021-31910
In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible.
CVE-2021-31913
In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange.
CVE-2021-43198
In JetBrains TeamCity before 2021.1.2, stored XSS is possible.
CVE-2021-43199
In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient.
CVE-2023-34229
In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible
CVE-2023-38065
In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible
CVE-2023-50870
In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible
CVE-2024-24938
In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation
CVE-2024-36374
In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possible
CVE-2024-43808
In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin
CVE-2021-43200
In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient.
CVE-2023-34222
In JetBrains TeamCity before 2023.05 XSS in the Plugin Vendor URL was possible
CVE-2023-41248
In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration
CVE-2024-24937
In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible
CVE-2024-47949
In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location
CVE-2024-47951
In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings
CVE-2021-31904
In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page.
CVE-2021-31907
In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly.
CVE-2021-43202
In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.
CVE-2023-34228
In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions
CVE-2023-39174
In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers
CVE-2014-10036
Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html.
CVE-2023-34219
In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API
CVE-2023-34223
In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases
CVE-2020-27629
In JetBrains TeamCity before 2020.1.5, secure dependency parameters might not be masked in depending builds when there are no internal artifacts.
CVE-2021-25777
In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly.
CVE-2021-43194
In JetBrains TeamCity before 2021.1.2, user enumeration was possible.