216 matches found
CVE-2024-36371
In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possible
CVE-2024-56349
In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs
CVE-2020-11687
In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.
CVE-2020-27627
JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.
CVE-2021-31911
In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages.
CVE-2021-43195
In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing.
CVE-2024-24936
In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed
CVE-2024-36372
In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible
CVE-2024-43807
In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page
CVE-2024-47948
In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups
CVE-2024-47950
In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings
CVE-2025-24460
In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool
CVE-2020-11686
In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings.
CVE-2021-25776
In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters.
CVE-2021-31910
In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible.
CVE-2021-31913
In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange.
CVE-2021-43198
In JetBrains TeamCity before 2021.1.2, stored XSS is possible.
CVE-2021-43199
In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient.
CVE-2023-34229
In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible
CVE-2023-38065
In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible
CVE-2023-50870
In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible
CVE-2024-24938
In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation
CVE-2024-36374
In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possible
CVE-2024-43808
In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin
CVE-2021-43200
In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient.
CVE-2023-34222
In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible
CVE-2023-41248
In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration
CVE-2024-24937
In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible
CVE-2024-47949
In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location
CVE-2024-47951
In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings
CVE-2021-31904
In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page.
CVE-2021-31907
In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly.
CVE-2021-43202
In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.
CVE-2023-34228
In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions
CVE-2023-39174
In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers
CVE-2014-10036
Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html.
CVE-2023-34219
In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API
CVE-2023-34223
In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases
CVE-2020-27629
In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts.
CVE-2021-25777
In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly.
CVE-2021-43194
In JetBrains TeamCity before 2021.1.2, user enumeration was possible.
CVE-2023-38061
In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible
CVE-2023-38064
In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log
CVE-2023-38067
In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log
CVE-2023-41250
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration
CVE-2023-34226
In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible
CVE-2015-1313
JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.
CVE-2021-31914
In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible.
CVE-2021-43201
In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project.
CVE-2023-34225
In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible