Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
JetbrainsTeamcity*

216 matches found

CVE
CVEadded 2021/02/03 4:15 p.m.52 views

CVE-2021-25774

In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user.

4.3CVSS4.6AI score0.00002EPSS
CVE
CVEadded 2024/12/20 3:15 p.m.52 views

CVE-2024-56351

In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles

8.8CVSS7AI score0.0006EPSS
CVE
CVEadded 2021/05/11 12:15 p.m.51 views

CVE-2021-31906

In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file.

4CVSS4.1AI score0.00002EPSS
CVE
CVEadded 2021/05/11 1:15 p.m.51 views

CVE-2021-31912

In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset.

8.8CVSS8.7AI score0.00006EPSS
CVE
CVEadded 2021/08/06 2:15 p.m.51 views

CVE-2021-37547

In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made.

5.3CVSS5.3AI score0.00004EPSS
CVE
CVEadded 2023/02/23 4:15 p.m.51 views

CVE-2022-48343

In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.

6.1CVSS5.9AI score0.05024EPSS
CVE
CVEadded 2024/03/28 3:15 p.m.51 views

CVE-2024-31135

In JetBrains TeamCity before 2024.03 open redirect was possible on the login page

6.1CVSS6.8AI score0.00151EPSS
CVE
CVEadded 2024/03/28 3:15 p.m.51 views

CVE-2024-31136

In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter

7.4CVSS6.8AI score0.00004EPSS
CVE
CVEadded 2020/08/08 9:15 p.m.50 views

CVE-2020-15829

In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs.

5.3CVSS5.4AI score0.00003EPSS
CVE
CVEadded 2020/08/08 9:15 p.m.50 views

CVE-2020-15831

JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI.

6.1CVSS5.9AI score0.00007EPSS
CVE
CVEadded 2022/12/08 6:15 p.m.50 views

CVE-2022-46830

In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.

5.3CVSS5.3AI score0.00003EPSS
CVE
CVEadded 2022/12/08 6:15 p.m.50 views

CVE-2022-46831

In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.

6.6CVSS5.1AI score0.00003EPSS
CVE
CVEadded 2025/02/11 2:15 p.m.50 views

CVE-2025-26492

In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources

9.1CVSS7.5AI score0.00001EPSS
CVE
CVEadded 2025/04/25 3:15 p.m.50 views

CVE-2025-46618

In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab

6.1CVSS6AI score0.00027EPSS
CVE
CVEadded 2019/10/31 3:15 p.m.49 views

CVE-2019-18364

In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.

9.8CVSS9.7AI score0.00048EPSS
CVE
CVEadded 2020/08/08 9:15 p.m.49 views

CVE-2020-15830

JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI.

6.1CVSS5.9AI score0.00006EPSS
CVE
CVEadded 2021/08/06 2:15 p.m.49 views

CVE-2021-37544

In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.

9.8CVSS9.4AI score0.00015EPSS
CVE
CVEadded 2022/09/23 11:15 a.m.49 views

CVE-2022-40979

In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable

5.3CVSS5.3AI score0.00005EPSS
CVE
CVEadded 2023/09/19 5:15 p.m.49 views

CVE-2023-43566

In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration

5.4CVSS5.2AI score0.00099EPSS
CVE
CVEadded 2024/12/20 3:15 p.m.49 views

CVE-2024-56352

In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page

5.4CVSS5.9AI score0.13381EPSS
CVE
CVEadded 2021/02/03 4:15 p.m.48 views

CVE-2020-35667

JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials.

7.5CVSS7.4AI score0.00004EPSS
CVE
CVEadded 2021/05/11 12:15 p.m.48 views

CVE-2021-26309

Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had Insecure Permissions.

3.3CVSS3.9AI score0.00001EPSS
CVE
CVEadded 2021/08/06 2:15 p.m.48 views

CVE-2021-37542

In JetBrains TeamCity before 2020.2.3, XSS was possible.

6.1CVSS5.9AI score0.00012EPSS
CVE
CVEadded 2021/08/06 2:15 p.m.48 views

CVE-2021-37546

In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used.

5.3CVSS5.3AI score0.00003EPSS
CVE
CVEadded 2021/11/09 3:15 p.m.48 views

CVE-2021-43193

In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.

9.8CVSS9.7AI score0.00017EPSS
CVE
CVEadded 2024/03/06 5:15 p.m.48 views

CVE-2024-28173

In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed

4.3CVSS4.7AI score0.00005EPSS
CVE
CVEadded 2024/03/21 2:15 p.m.48 views

CVE-2024-29880

In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process

7.8CVSS6.8AI score0.00002EPSS
CVE
CVEadded 2024/03/28 3:15 p.m.48 views

CVE-2024-31134

In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled

6.5CVSS6.7AI score0.00007EPSS
CVE
CVEadded 2024/05/16 11:15 a.m.48 views

CVE-2024-35302

In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible

6.1CVSS5.8AI score0.28951EPSS
CVE
CVEadded 2025/01/21 6:15 p.m.48 views

CVE-2025-24459

In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page

6.1CVSS6.2AI score0.01355EPSS
CVE
CVEadded 2025/03/27 12:15 p.m.48 views

CVE-2025-31140

In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page

6.1CVSS6AI score0.00101EPSS
CVE
CVEadded 2025/03/27 12:15 p.m.48 views

CVE-2025-31141

In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page

7.5CVSS6.9AI score0.00001EPSS
CVE
CVEadded 2021/08/06 2:15 p.m.47 views

CVE-2021-37548

In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS.

7.5CVSS7.4AI score0.00003EPSS
CVE
CVEadded 2022/08/10 4:15 p.m.47 views

CVE-2022-38133

In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases

5.3CVSS5.2AI score0.00002EPSS
CVE
CVEadded 2023/02/23 4:15 p.m.47 views

CVE-2022-48344

In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.

6.1CVSS5.9AI score0.00088EPSS
CVE
CVEadded 2024/03/06 5:15 p.m.47 views

CVE-2024-28174

In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly

5.8CVSS5.7AI score0.0001EPSS
CVE
CVEadded 2025/02/11 2:15 p.m.47 views

CVE-2025-26493

In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab

6.1CVSS4.7AI score0.02817EPSS
CVE
CVEadded 2025/04/25 3:15 p.m.47 views

CVE-2025-46432

In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs

6.5CVSS7.2AI score0.00002EPSS
CVE
CVEadded 2020/01/30 6:15 p.m.46 views

CVE-2020-7908

In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages.

4.3CVSS4.7AI score0.00002EPSS
CVE
CVEadded 2020/01/30 6:15 p.m.46 views

CVE-2020-7911

In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS.

6.1CVSS6.2AI score0.00007EPSS
CVE
CVEadded 2022/07/20 1:15 p.m.46 views

CVE-2022-36322

In JetBrains TeamCity before 2022.04.2 build parameter injection was possible

8.8CVSS8.8AI score0.00005EPSS
CVE
CVEadded 2023/03/27 5:15 p.m.46 views

CVE-2022-48428

In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible

5.4CVSS5.2AI score0.07231EPSS
CVE
CVEadded 2024/03/28 3:15 p.m.46 views

CVE-2024-31140

In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools

4.9CVSS7AI score0.0001EPSS
CVE
CVEadded 2024/05/29 2:15 p.m.46 views

CVE-2024-36362

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal allowing to read files from server was possible

6.5CVSS6.6AI score0.00006EPSS
CVE
CVEadded 2024/05/29 2:15 p.m.46 views

CVE-2024-36366

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via certain report grouping and filtering operations

6.1CVSS6AI score0.1551EPSS
CVE
CVEadded 2024/07/01 5:15 p.m.46 views

CVE-2024-39878

In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection

5.3CVSS4.6AI score0.00002EPSS
CVE
CVEadded 2024/07/22 3:15 p.m.46 views

CVE-2024-41826

In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page

4.8CVSS6AI score0.0013EPSS
CVE
CVEadded 2024/12/20 3:15 p.m.46 views

CVE-2024-56348

In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents

4.3CVSS7AI score0.00002EPSS
CVE
CVEadded 2019/10/31 3:15 p.m.45 views

CVE-2019-18363

In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances.

5.3CVSS5.2AI score0.00004EPSS
CVE
CVEadded 2021/11/09 3:15 p.m.45 views

CVE-2021-43196

In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible.

7.5CVSS7.2AI score0.00005EPSS
Total number of security vulnerabilities216