CVE-2024-56351

In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles

CVE-2024-56352

In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page

CVE-2024-56348

In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents

CVE-2024-56350

In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects

CVE-2024-56354

In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission

CVE-2024-56355

In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS

CVE-2024-56356

In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack

CVE-2024-56353

In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies

CVE-2024-56349

In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs