11 matches found
CVE-2025-54529
In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration
CVE-2025-54536
In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint
CVE-2025-54530
In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions
CVE-2025-54528
In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow
CVE-2025-54531
In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows
CVE-2025-54532
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies
CVE-2025-54533
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration
CVE-2025-54534
In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page
CVE-2025-54535
In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms
CVE-2025-54537
In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots
CVE-2025-54538
In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" command