CVE-2023-38063

In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible

CVE-2023-34220

In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible

CVE-2023-34221

In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible

CVE-2023-38066

In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads

CVE-2023-41249

In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step

CVE-2023-38062

In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations

CVE-2025-47854

In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page

CVE-2024-43114

In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions

CVE-2025-47852

In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible

CVE-2025-47851

In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible

CVE-2025-47853

In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible

CVE-2025-54529

In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration

CVE-2025-54536

In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint

CVE-2025-52875

In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible

CVE-2025-52877

In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible

CVE-2025-52879

In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible

CVE-2025-54530

In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions

CVE-2025-54528

In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow

CVE-2025-54531

In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows

CVE-2025-54532

In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies

CVE-2025-54533

In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration

CVE-2025-54534

In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page

CVE-2025-54535

In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms

CVE-2025-54537

In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots

CVE-2025-54538

In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" command

CVE-2025-52876

In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible

CVE-2025-52878

In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions