26 matches found
CVE-2019-12846
A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2.
CVE-2019-15035
An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1.
CVE-2022-29928
In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible
CVE-2020-15826
In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have.
CVE-2021-25774
In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user.
CVE-2021-31906
In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file.
CVE-2024-28173
In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed
CVE-2024-31140
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools
CVE-2020-7908
In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages.
CVE-2024-41826
In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page
CVE-2024-56348
In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents
CVE-2019-18365
In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages.
CVE-2020-27628
In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records.
CVE-2024-56350
In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects
CVE-2020-11938
In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project. The issue was resolved in 2019.2.2.
CVE-2023-34224
In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible
CVE-2025-24460
In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool
CVE-2020-11686
In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings.
CVE-2023-34219
In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API
CVE-2014-10036
Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html.
CVE-2025-52877
In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible
CVE-2025-52879
In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible
CVE-2025-54532
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies
CVE-2025-54533
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration
CVE-2025-54534
In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page
CVE-2025-52878
In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions