10 matches found
CVE-2021-43193
In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.
CVE-2021-43196
In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible.
CVE-2021-43197
In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS.
CVE-2021-43195
In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing.
CVE-2021-43198
In JetBrains TeamCity before 2021.1.2, stored XSS is possible.
CVE-2021-43199
In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient.
CVE-2021-43200
In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient.
CVE-2021-43202
In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.
CVE-2021-43194
In JetBrains TeamCity before 2021.1.2, user enumeration was possible.
CVE-2021-43201
In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project.