14 matches found
CVE-2021-31915
In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible.
CVE-2021-31906
In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file.
CVE-2021-31912
In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset.
CVE-2021-26309
Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had insecure permissions.
CVE-2021-31908
In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages.
CVE-2021-31909
In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible.
CVE-2021-26310
In the TeamCity IntelliJ plugin before 2020.2.2.85899, DoS was possible.
CVE-2021-3315
In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible.
CVE-2021-31911
In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages.
CVE-2021-31910
In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible.
CVE-2021-31913
In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange.
CVE-2021-31904
In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page.
CVE-2021-31907
In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly.
CVE-2021-31914
In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible.