216 matches found
CVE-2024-36365
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a third-party agent could impersonate a cloud agent
CVE-2024-36369
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via issue tracker integration was possible
CVE-2025-46433
In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible
CVE-2019-18365
In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages.
CVE-2019-18367
In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.
CVE-2020-27628
In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records.
CVE-2021-25772
In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration.
CVE-2023-34227
In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks
CVE-2024-36364
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible
CVE-2024-36470
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge cases
CVE-2024-41825
In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab
CVE-2024-41827
In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration
CVE-2024-56350
In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects
CVE-2024-56354
In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission
CVE-2024-56355
In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS
CVE-2014-10002
Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors.
CVE-2022-44622
In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive
CVE-2022-44646
In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings
CVE-2022-48342
In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.
CVE-2023-39173
In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access
CVE-2023-39175
In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible
CVE-2024-36363
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several Stored XSS in code inspection reports were possible
CVE-2024-36376
In JetBrains TeamCity before 2024.03.2 users could perform actions that should not be available to them based on their permissions
CVE-2024-36378
In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens
CVE-2024-41824
In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific cases
CVE-2024-43810
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin
CVE-2024-56356
In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack
CVE-2020-11938
In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project. The issue was resolved in 2019.2.2.
CVE-2021-25775
In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users.
CVE-2021-31908
In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages.
CVE-2021-31909
In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible.
CVE-2023-34224
In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible
CVE-2024-35301
In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token
CVE-2024-36373
In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible
CVE-2024-41828
In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time
CVE-2024-43809
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page
CVE-2019-18366
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.
CVE-2021-25773
JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages.
CVE-2021-26310
In the TeamCity IntelliJ plugin before 2020.2.2.85899, DoS was possible.
CVE-2021-3315
In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible.
CVE-2024-36375
In JetBrains TeamCity before 2024.03.2 technical information regarding TeamCity server could be exposed
CVE-2024-56353
In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies
CVE-2020-11688
In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.
CVE-2020-11689
In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.
CVE-2020-7910
JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.
CVE-2021-25778
In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly.
CVE-2021-43197
In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS.
CVE-2022-44623
In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings
CVE-2022-44624
In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters
CVE-2024-36367
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via third-party reports was possible