Teamcity@* Security Vulnerabilities and Issues — Teamcity@* CVE List

Lucene search

JetbrainsTeamcity*

33 matches found

CVE•added 2025/03/27 12:15 p.m.•55 views

CVE-2025-31139

In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log

6.5CVSS4.8AI score0.00001EPSS

CVE•added 2025/02/11 2:15 p.m.•51 views

CVE-2025-26492

In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources

9.1CVSS7.5AI score0.00001EPSS

CVE•added 2025/04/25 3:15 p.m.•51 views

CVE-2025-46618

In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab

6.1CVSS6AI score0.0002EPSS

CVE•added 2025/01/21 6:15 p.m.•50 views

CVE-2025-24459

In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page

6.1CVSS6.2AI score0.01625EPSS

CVE•added 2025/03/27 12:15 p.m.•50 views

CVE-2025-31140

In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page

6.1CVSS6AI score0.00088EPSS

CVE•added 2025/03/27 12:15 p.m.•50 views

CVE-2025-31141

In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page

7.5CVSS6.9AI score0.00001EPSS

CVE•added 2025/04/25 3:15 p.m.•49 views

CVE-2025-46432

In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs

6.5CVSS7.2AI score0.00001EPSS

CVE•added 2025/02/11 2:15 p.m.•48 views

CVE-2025-26493

In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab

6.1CVSS4.7AI score0.04041EPSS

CVE•added 2025/04/25 3:15 p.m.•47 views

CVE-2025-46433

In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible

9.8CVSS7.2AI score0.00003EPSS

CVE•added 2025/01/21 6:15 p.m.•41 views

CVE-2025-24460

In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool

4.3CVSS6.8AI score0.00001EPSS

CVE•added 2025/05/20 6:15 p.m.•27 views

CVE-2025-47854

In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page

6.1CVSS7.2AI score0.00001EPSS

CVE•added 2025/05/20 6:15 p.m.•23 views

CVE-2025-47852

In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible

5.4CVSS4.9AI score0.00008EPSS

CVE•added 2025/05/20 6:15 p.m.•21 views

CVE-2025-47851

In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible

5.4CVSS5AI score0.00008EPSS

CVE•added 2025/05/20 6:15 p.m.•20 views

CVE-2025-47853

In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible

5.4CVSS4.9AI score0.00008EPSS

CVE•added 2025/08/20 10:15 a.m.•9 views

CVE-2025-57732

In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership

7.5CVSS7.4AI score0.00001EPSS

CVE•added 2025/07/28 5:15 p.m.•8 views

CVE-2025-54529

In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration

7.5CVSS6.6AI score0.00001EPSS

CVE•added 2025/07/28 5:15 p.m.•8 views

CVE-2025-54536

In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint

8.8CVSS6.6AI score0.00004EPSS

CVE•added 2025/06/23 3:15 p.m.•7 views

CVE-2025-52875

In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible

5.4CVSS5.3AI score0.00072EPSS

CVE•added 2025/06/23 3:15 p.m.•7 views

CVE-2025-52877

In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible

4.8CVSS5AI score0.00022EPSS

CVE•added 2025/06/23 3:15 p.m.•7 views

CVE-2025-52879

In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible

4.8CVSS5AI score0.00016EPSS

CVE•added 2025/07/28 5:15 p.m.•7 views

CVE-2025-54530

In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions

9.8CVSS6.8AI score0.00001EPSS

CVE•added 2025/08/20 10:15 a.m.•7 views

CVE-2025-57734

In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files

6.5CVSS7.2AI score0.00002EPSS

CVE•added 2025/06/23 3:15 p.m.•6 views

CVE-2025-52876

In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible

5.4CVSS5.3AI score0.00072EPSS

CVE•added 2025/07/28 5:15 p.m.•6 views

CVE-2025-54528

In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow

8.8CVSS6.6AI score0.00004EPSS

CVE•added 2025/07/28 5:15 p.m.•6 views

CVE-2025-54531

In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows

9.4CVSS6.6AI score0.00001EPSS

CVE•added 2025/07/28 5:15 p.m.•6 views

CVE-2025-54532

In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies

4.3CVSS6.5AI score0.00003EPSS

CVE•added 2025/07/28 5:15 p.m.•6 views

CVE-2025-54533

In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration

4.3CVSS6.5AI score0.00003EPSS

CVE•added 2025/07/28 5:15 p.m.•6 views

CVE-2025-54534

In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page

4.8CVSS5.8AI score0.00016EPSS

CVE•added 2025/07/28 5:15 p.m.•6 views

CVE-2025-54535

In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms

7.5CVSS6.8AI score0.00001EPSS

CVE•added 2025/07/28 5:15 p.m.•6 views

CVE-2025-54537

In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots

5.5CVSS6.4AI score0.00001EPSS

CVE•added 2025/07/28 5:15 p.m.•6 views

CVE-2025-54538

In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" command

5.5CVSS6.8AI score0.00001EPSS

CVE•added 2025/08/20 10:15 a.m.•6 views

CVE-2025-57733

In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content

5.5CVSS7.5AI score0.00002EPSS

CVE•added 2025/06/23 3:15 p.m.•5 views

CVE-2025-52878

In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions

4.3CVSS4.8AI score0.00002EPSS