Teamcity Security Vulnerabilities and Issues — Page 5 of Teamcity CVE List

Lucene search

JetbrainsTeamcity

237 matches found

CVE•added 2023/07/12 1:15 p.m.•34 views

CVE-2023-38061

In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible

5.4CVSS5.2AI score0.00041EPSS

CVE•added 2023/07/12 1:15 p.m.•34 views

CVE-2023-38064

In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log

6.5CVSS6.4AI score0.00003EPSS

CVE•added 2023/07/12 1:15 p.m.•34 views

CVE-2023-38067

In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log

6.5CVSS6.4AI score0.00003EPSS

CVE•added 2023/08/25 1:15 p.m.•34 views

CVE-2023-41250

In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration

6.1CVSS6AI score0.00164EPSS

CVE•added 2023/05/31 2:15 p.m.•33 views

CVE-2023-34226

In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible

6.1CVSS5.9AI score0.00017EPSS

CVE•added 2023/06/29 3:15 p.m.•32 views

CVE-2015-1313

JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.

6.5CVSS6.4AI score0.00002EPSS

CVE•added 2019/10/02 7:15 p.m.•32 views

CVE-2019-15037

An issue was discovered in JetBrains TeamCity 2018.2.4. It had several XSS vulnerabilities on the settings pages. The issues were fixed in TeamCity 2019.1.

6.1CVSS6.1AI score0.00006EPSS

CVE•added 2021/05/11 1:15 p.m.•32 views

CVE-2021-31914

In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible.

9.8CVSS9.6AI score0.0004EPSS

CVE•added 2021/11/09 3:15 p.m.•32 views

CVE-2021-43201

In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project.

5.3CVSS5.2AI score0.00003EPSS

CVE•added 2023/05/31 2:15 p.m.•32 views

CVE-2023-34225

In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible

5.4CVSS5.2AI score0.03246EPSS

CVE•added 2023/07/12 1:15 p.m.•32 views

CVE-2023-38063

In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible

5.4CVSS5.2AI score0.00041EPSS

CVE•added 2023/05/31 2:15 p.m.•31 views

CVE-2023-34220

In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible

5.4CVSS5.2AI score0.04189EPSS

CVE•added 2023/05/31 2:15 p.m.•31 views

CVE-2023-34221

In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible

5.4CVSS5.2AI score0.00041EPSS

CVE•added 2023/07/12 1:15 p.m.•31 views

CVE-2023-38066

In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads

6.1CVSS5.9AI score0.00022EPSS

CVE•added 2023/08/25 1:15 p.m.•30 views

CVE-2023-41249

In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step

6.1CVSS6AI score0.77638EPSS

CVE•added 2023/07/12 1:15 p.m.•28 views

CVE-2023-38062

In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations

6.5CVSS6.4AI score0.00003EPSS

CVE•added 2025/05/20 6:15 p.m.•26 views

CVE-2025-47854

In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page

6.1CVSS7.2AI score0.00002EPSS

CVE•added 2024/08/06 1:15 p.m.•22 views

CVE-2024-43114

In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions

7.8CVSS7.3AI score0.00002EPSS

CVE•added 2025/05/20 6:15 p.m.•22 views

CVE-2025-47852

In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible

5.4CVSS4.9AI score0.00014EPSS

CVE•added 2025/05/20 6:15 p.m.•20 views

CVE-2025-47851

In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible

5.4CVSS5AI score0.00014EPSS

CVE•added 2025/05/20 6:15 p.m.•19 views

CVE-2025-47853

In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible

5.4CVSS4.9AI score0.00014EPSS

CVE•added 2025/07/28 5:15 p.m.•7 views

CVE-2025-54529

In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration

7.5CVSS6.6AI score0.00001EPSS

CVE•added 2025/07/28 5:15 p.m.•7 views

CVE-2025-54536

In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint

8.8CVSS6.6AI score0.00004EPSS

CVE•added 2025/06/23 3:15 p.m.•6 views

CVE-2025-52875

In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible

5.4CVSS5.3AI score0.00072EPSS

CVE•added 2025/06/23 3:15 p.m.•6 views

CVE-2025-52877

In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible

4.8CVSS5AI score0.00022EPSS

CVE•added 2025/06/23 3:15 p.m.•6 views

CVE-2025-52879

In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible

4.8CVSS5AI score0.00016EPSS

CVE•added 2025/07/28 5:15 p.m.•6 views

CVE-2025-54530

In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions

9.8CVSS6.8AI score0.00001EPSS

CVE•added 2025/07/28 5:15 p.m.•5 views

CVE-2025-54528

In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow

8.8CVSS6.6AI score0.00004EPSS

CVE•added 2025/07/28 5:15 p.m.•5 views

CVE-2025-54531

In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows

9.4CVSS6.6AI score0.00001EPSS

CVE•added 2025/07/28 5:15 p.m.•5 views

CVE-2025-54532

In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies

4.3CVSS6.5AI score0.00003EPSS

CVE•added 2025/07/28 5:15 p.m.•5 views

CVE-2025-54533

In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration

4.3CVSS6.5AI score0.00003EPSS

CVE•added 2025/07/28 5:15 p.m.•5 views

CVE-2025-54534

In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page

4.8CVSS5.8AI score0.00016EPSS

CVE•added 2025/07/28 5:15 p.m.•5 views

CVE-2025-54535

In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms

7.5CVSS6.8AI score0.00001EPSS

CVE•added 2025/07/28 5:15 p.m.•5 views

CVE-2025-54537

In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots

5.5CVSS6.4AI score0.00001EPSS

CVE•added 2025/07/28 5:15 p.m.•5 views

CVE-2025-54538

In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" command

5.5CVSS6.8AI score0.00001EPSS

CVE•added 2025/06/23 3:15 p.m.•4 views

CVE-2025-52876

In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible

5.4CVSS5.3AI score0.00072EPSS

CVE•added 2025/06/23 3:15 p.m.•4 views

CVE-2025-52878

In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions

4.3CVSS4.8AI score0.00002EPSS

Total number of security vulnerabilities237