Teamcity@* Security Vulnerabilities and Issues — Teamcity@* CVE List | Vulners.com

Lucene search

K

JetbrainsTeamcity*

216 matches found

CVE•added 2023/09/19 5:15 p.m.•3056 views

CVE-2023-42793

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible

9.8CVSS9.6AI score0.94584EPSS

CVE•added 2024/03/04 6:15 p.m.•475 views

CVE-2024-27198

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible

9.8CVSS9.6AI score0.94577EPSS

CVE•added 2019/07/03 8:15 p.m.•249 views

CVE-2019-12845

The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3.

5.3CVSS5.3AI score0.00003EPSS

CVE•added 2019/07/03 8:15 p.m.•249 views

CVE-2019-12846

A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2.

4.3CVSS4.7AI score0.00003EPSS

CVE•added 2019/07/03 8:15 p.m.•247 views

CVE-2019-12843

A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3.

6.1CVSS6.3AI score0.00004EPSS

CVE•added 2019/07/03 8:15 p.m.•247 views

CVE-2019-12844

A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.3.

6.1CVSS6.3AI score0.00004EPSS

CVE•added 2019/07/03 8:15 p.m.•246 views

CVE-2019-12841

Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. The issue was fixed in TeamCity 2018.2.2.

7.5CVSS7.5AI score0.00004EPSS

CVE•added 2019/07/03 8:15 p.m.•238 views

CVE-2019-12842

A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.2.

6.1CVSS5.9AI score0.00008EPSS

CVE•added 2024/02/06 10:15 a.m.•193 views

CVE-2024-23917

In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible

9.8CVSS9.7AI score0.94377EPSS

CVE•added 2024/03/04 6:15 p.m.•176 views

CVE-2024-27199

In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible

7.3CVSS8.3AI score0.94489EPSS

CVE•added 2022/02/25 3:15 p.m.•155 views

CVE-2022-24336

In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.

5.3CVSS5.3AI score0.00005EPSS

CVE•added 2022/02/25 3:15 p.m.•93 views

CVE-2022-24333

In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.

6.5CVSS6.4AI score0.00002EPSS

CVE•added 2022/02/25 3:15 p.m.•89 views

CVE-2022-24342

In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible.

8.8CVSS8.8AI score0.00077EPSS

CVE•added 2022/02/25 3:15 p.m.•88 views

CVE-2022-24331

In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.

9.8CVSS9.5AI score0.00006EPSS

CVE•added 2024/10/08 4:15 p.m.•88 views

CVE-2024-47161

In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API

6.5CVSS4.9AI score0.00003EPSS

CVE•added 2022/05/12 9:15 a.m.•87 views

CVE-2022-29928

In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible

4.9CVSS5.1AI score0.00004EPSS

CVE•added 2021/05/11 1:15 p.m.•86 views

CVE-2021-31915

In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible.

9.8CVSS9.9AI score0.00158EPSS

CVE•added 2022/02/25 3:15 p.m.•86 views

CVE-2022-24338

JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.

6.1CVSS6.2AI score0.00011EPSS

CVE•added 2022/02/25 3:15 p.m.•86 views

CVE-2022-24341

In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user.

7.5CVSS7.5AI score0.00003EPSS

CVE•added 2022/02/25 3:15 p.m.•82 views

CVE-2022-24330

In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.

6.1CVSS6.1AI score0.00003EPSS

CVE•added 2022/02/25 3:15 p.m.•81 views

CVE-2022-24335

JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC.

8.1CVSS7.9AI score0.00004EPSS

CVE•added 2022/02/25 8:15 p.m.•81 views

CVE-2022-25264

In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.

7.5CVSS7.5AI score0.00003EPSS

CVE•added 2022/02/25 3:15 p.m.•80 views

CVE-2022-24337

In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.

6.5CVSS6.4AI score0.00002EPSS

CVE•added 2022/02/25 3:15 p.m.•80 views

CVE-2022-24340

In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.

9.8CVSS9.4AI score0.00005EPSS

CVE•added 2022/02/25 3:15 p.m.•79 views

CVE-2022-24332

In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.

5.3CVSS5.2AI score0.00003EPSS

CVE•added 2022/02/25 8:15 p.m.•79 views

CVE-2022-25263

JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration.

9.8CVSS9.7AI score0.00062EPSS

CVE•added 2022/02/25 3:15 p.m.•76 views

CVE-2022-24334

In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server.

5.3CVSS5.3AI score0.00003EPSS

CVE•added 2022/05/12 9:15 a.m.•75 views

CVE-2022-29929

In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible

6.1CVSS5.9AI score0.00014EPSS

CVE•added 2022/02/25 3:15 p.m.•72 views

CVE-2022-24339

JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.

5.4CVSS5.4AI score0.00012EPSS

CVE•added 2022/02/25 8:15 p.m.•72 views

CVE-2022-25261

JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS.

6.1CVSS6.2AI score0.00011EPSS

CVE•added 2022/05/12 9:15 a.m.•72 views

CVE-2022-29927

In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible

6.1CVSS6AI score0.00005EPSS

CVE•added 2024/05/29 2:15 p.m.•71 views

CVE-2024-36368

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 reflected XSS via OAuth provider configuration was possible

5.4CVSS5.8AI score0.00477EPSS

CVE•added 2023/05/31 2:15 p.m.•70 views

CVE-2023-34218

In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible

9.8CVSS9.3AI score0.00003EPSS

CVE•added 2024/05/29 2:15 p.m.•68 views

CVE-2024-36370

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was possible

5.4CVSS5.5AI score0.25974EPSS

CVE•added 2024/07/22 3:15 p.m.•68 views

CVE-2024-41829

In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection

7.5CVSS7.2AI score0.00002EPSS

CVE•added 2024/05/29 2:15 p.m.•67 views

CVE-2024-36377

In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions

8.1CVSS7.2AI score0.00003EPSS

CVE•added 2020/08/08 9:15 p.m.•59 views

CVE-2020-15828

In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions.

6.5CVSS6.4AI score0.00003EPSS

CVE•added 2024/03/28 3:15 p.m.•58 views

CVE-2024-31137

In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration

6.8CVSS6AI score0.00136EPSS

CVE•added 2019/10/02 7:15 p.m.•57 views

CVE-2019-12157

In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.

10CVSS9.2AI score0.00004EPSS

CVE•added 2023/03/27 5:15 p.m.•57 views

CVE-2022-48427

In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was possible

5.4CVSS5.2AI score0.00096EPSS

CVE•added 2024/03/28 3:15 p.m.•57 views

CVE-2024-31139

In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector

8.1CVSS6.8AI score0.00003EPSS

CVE•added 2024/03/28 3:15 p.m.•56 views

CVE-2024-31138

In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings

5.4CVSS5.5AI score0.8781EPSS

CVE•added 2021/08/06 2:15 p.m.•55 views

CVE-2021-37545

In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made.

7.5CVSS7.7AI score0.00004EPSS

CVE•added 2024/07/01 5:15 p.m.•55 views

CVE-2024-39879

In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings

5.3CVSS5.2AI score0.00002EPSS

CVE•added 2020/01/30 6:15 p.m.•54 views

CVE-2020-7909

In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.

7.5CVSS7.5AI score0.00003EPSS

CVE•added 2022/07/20 1:15 p.m.•54 views

CVE-2022-36321

In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases

6.5CVSS6.4AI score0.00008EPSS

CVE•added 2025/03/27 12:15 p.m.•54 views

CVE-2025-31139

In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log

6.5CVSS4.8AI score0.00001EPSS

CVE•added 2020/08/08 9:15 p.m.•53 views

CVE-2020-15825

In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.

8.8CVSS8.6AI score0.00006EPSS

CVE•added 2020/08/08 9:15 p.m.•53 views

CVE-2020-15826

In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have.

4.3CVSS4.6AI score0.00002EPSS

CVE•added 2024/02/06 10:15 a.m.•53 views

CVE-2024-24942

In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives

5.3CVSS5.3AI score0.00094EPSS

Total number of security vulnerabilities216