Lucene search

JetbrainsTeamcity

226 matches found

CVE
added 2023/09/19 5:15 p.m. | 3063 views

CVE-2023-42793

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible

CVSS 9.8 | AI score 9.6 | EPSS 0.94584

CVE
added 2024/03/04 6:15 p.m. | 476 views

CVE-2024-27198

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible

CVSS 9.8 | AI score 9.6 | EPSS 0.94577

CVE
added 2019/07/03 8:15 p.m. | 249 views

CVE-2019-12845

The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3.

CVSS 5.3 | AI score 5.3 | EPSS 0.00003

CVE
added 2019/07/03 8:15 p.m. | 249 views

CVE-2019-12846

A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2.

CVSS 4.3 | AI score 4.7 | EPSS 0.00003

CVE
added 2019/07/03 8:15 p.m. | 247 views

CVE-2019-12843

A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3.

CVSS 6.1 | AI score 6.3 | EPSS 0.00004

CVE
added 2019/07/03 8:15 p.m. | 247 views

CVE-2019-12844

A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.3.

CVSS 6.1 | AI score 6.3 | EPSS 0.00004

CVE
added 2019/07/03 8:15 p.m. | 246 views

CVE-2019-12841

Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. The issue was fixed in TeamCity 2018.2.2.

CVSS 7.5 | AI score 7.5 | EPSS 0.00004

CVE
added 2019/07/03 8:15 p.m. | 238 views

CVE-2019-12842

A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.2.

CVSS 6.1 | AI score 5.9 | EPSS 0.00008

CVE
added 2024/02/06 10:15 a.m. | 195 views

CVE-2024-23917

In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible

CVSS 9.8 | AI score 9.7 | EPSS 0.94377

CVE
added 2024/03/04 6:15 p.m. | 177 views

CVE-2024-27199

In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible

CVSS 7.3 | AI score 8.3 | EPSS 0.94489

CVE
added 2022/02/25 3:15 p.m. | 155 views

CVE-2022-24336

In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.

CVSS 5.3 | AI score 5.3 | EPSS 0.00005

CVE
added 2019/10/01 8:15 p.m. | 107 views

CVE-2019-15035

An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1.

CVSS 4.9 | AI score 5 | EPSS 0.00004

CVE
added 2019/10/01 2:15 p.m. | 103 views

CVE-2019-15039

An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.

CVSS 9.8 | AI score 9.6 | EPSS 0.00229

CVE
added 2022/02/25 3:15 p.m. | 93 views

CVE-2022-24333

In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.

CVSS 6.5 | AI score 6.4 | EPSS 0.00002

CVE
added 2019/10/01 5:15 p.m. | 90 views

CVE-2019-15042

An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1.

CVSS 7.5 | AI score 7.5 | EPSS 0.00002

CVE
added 2022/02/25 3:15 p.m. | 89 views

CVE-2022-24342

In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible.

CVSS 8.8 | AI score 8.8 | EPSS 0.00077

CVE
added 2019/09/05 8:15 p.m. | 88 views

CVE-2019-15848

JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user.

CVSS 6.1 | AI score 6 | EPSS 0.00007

CVE
added 2022/02/25 3:15 p.m. | 88 views

CVE-2022-24331

In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.

CVSS 9.8 | AI score 9.5 | EPSS 0.00006

CVE
added 2024/10/08 4:15 p.m. | 88 views

CVE-2024-47161

In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API

CVSS 6.5 | AI score 4.9 | EPSS 0.00003

CVE
added 2022/05/12 9:15 a.m. | 87 views

CVE-2022-29928

In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible

CVSS 4.9 | AI score 5.1 | EPSS 0.00004

CVE
added 2021/05/11 1:15 p.m. | 86 views

CVE-2021-31915

In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible.

CVSS 9.8 | AI score 9.9 | EPSS 0.00158

CVE
added 2022/02/25 3:15 p.m. | 86 views

CVE-2022-24338

JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.

CVSS 6.1 | AI score 6.2 | EPSS 0.00011

CVE
added 2022/02/25 3:15 p.m. | 86 views

CVE-2022-24341

In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user.

CVSS 7.5 | AI score 7.5 | EPSS 0.00003

CVE
added 2022/02/25 3:15 p.m. | 82 views

CVE-2022-24330

In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.

CVSS 6.1 | AI score 6.1 | EPSS 0.00003

CVE
added 2022/02/25 3:15 p.m. | 81 views

CVE-2022-24335

JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC.

CVSS 8.1 | AI score 7.9 | EPSS 0.00004

CVE
added 2022/02/25 8:15 p.m. | 81 views

CVE-2022-25264

In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.

CVSS 7.5 | AI score 7.5 | EPSS 0.00003

CVE
added 2022/02/25 3:15 p.m. | 80 views

CVE-2022-24337

In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.

CVSS 6.5 | AI score 6.4 | EPSS 0.00002

CVE
added 2022/02/25 3:15 p.m. | 80 views

CVE-2022-24340

In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.

CVSS 9.8 | AI score 9.4 | EPSS 0.00005

CVE
added 2022/02/25 3:15 p.m. | 79 views

CVE-2022-24332

In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.

CVSS 5.3 | AI score 5.2 | EPSS 0.00003

CVE
added 2022/02/25 8:15 p.m. | 79 views

CVE-2022-25263

JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration.

CVSS 9.8 | AI score 9.7 | EPSS 0.00062

CVE
added 2019/10/01 4:15 p.m. | 77 views

CVE-2019-15038

An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1.

CVSS 7.5 | AI score 7.5 | EPSS 0.00004

CVE
added 2022/02/25 3:15 p.m. | 76 views

CVE-2022-24334

In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server.

CVSS 5.3 | AI score 5.3 | EPSS 0.00003

CVE
added 2022/05/12 9:15 a.m. | 75 views

CVE-2022-29929

In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible

CVSS 6.1 | AI score 5.9 | EPSS 0.00014

CVE
added 2022/02/25 3:15 p.m. | 72 views

CVE-2022-24339

JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.

CVSS 5.4 | AI score 5.4 | EPSS 0.00012

CVE
added 2022/02/25 8:15 p.m. | 72 views

CVE-2022-25261

JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS.

CVSS 6.1 | AI score 6.2 | EPSS 0.00011

CVE
added 2022/05/12 9:15 a.m. | 72 views

CVE-2022-29927

In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible

CVSS 6.1 | AI score 6 | EPSS 0.00005

CVE
added 2024/05/29 2:15 p.m. | 71 views

CVE-2024-36368

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 reflected XSS via OAuth provider configuration was possible

CVSS 5.4 | AI score 5.8 | EPSS 0.00477

CVE
added 2023/05/31 2:15 p.m. | 70 views

CVE-2023-34218

In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible

CVSS 9.8 | AI score 9.3 | EPSS 0.00003

CVE
added 2024/05/29 2:15 p.m. | 68 views

CVE-2024-36370

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was possible

CVSS 5.4 | AI score 5.5 | EPSS 0.25974

CVE
added 2024/07/22 3:15 p.m. | 68 views

CVE-2024-41829

In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection

CVSS 7.5 | AI score 7.2 | EPSS 0.00002

CVE
added 2024/05/29 2:15 p.m. | 67 views

CVE-2024-36377

In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions

CVSS 8.1 | AI score 7.2 | EPSS 0.00003

CVE
added 2020/08/08 9:15 p.m. | 59 views

CVE-2020-15828

In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions.

CVSS 6.5 | AI score 6.4 | EPSS 0.00003

CVE
added 2024/03/28 3:15 p.m. | 58 views

CVE-2024-31137

In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration

CVSS 6.8 | AI score 6 | EPSS 0.00136

CVE
added 2019/10/02 7:15 p.m. | 57 views

CVE-2019-12157

In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.

CVSS 10 | AI score 9.2 | EPSS 0.00004

CVE
added 2023/03/27 5:15 p.m. | 57 views

CVE-2022-48427

In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was possible

CVSS 5.4 | AI score 5.2 | EPSS 0.00096

CVE
added 2024/03/28 3:15 p.m. | 57 views

CVE-2024-31139

In JetBrains TeamCity before 2024.03 XXE was possible in the Maven build steps detector

CVSS 8.1 | AI score 6.8 | EPSS 0.00003

CVE
added 2024/03/28 3:15 p.m. | 56 views

CVE-2024-31138

In JetBrains TeamCity before 2024.03 XSS was possible via Agent Distribution settings

CVSS 5.4 | AI score 5.5 | EPSS 0.8781

CVE
added 2021/08/06 2:15 p.m. | 55 views

CVE-2021-37545

In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made.

CVSS 7.5 | AI score 7.7 | EPSS 0.00004

CVE
added 2024/07/01 5:15 p.m. | 55 views

CVE-2024-39879

In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings

CVSS 5.3 | AI score 5.2 | EPSS 0.00002

CVE
added 2020/01/30 6:15 p.m. | 54 views

CVE-2020-7909

In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.

CVSS 7.5 | AI score 7.5 | EPSS 0.00003

Total number of security vulnerabilities: 226