CVE-2019-12845
The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3.
CVE-2022-24336
In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.
CVE-2022-24332
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.
CVE-2022-24334
In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server.
CVE-2022-24339
JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.
CVE-2024-36368
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 reflected XSS via OAuth provider configuration was possible
CVE-2024-36370
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was possible
CVE-2022-48427
In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was possible
CVE-2024-31138
In JetBrains TeamCity before 2024.03 XSS was possible via Agent Distribution settings
CVE-2024-39879
In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings
CVE-2024-24942
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives
CVE-2021-37547
In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made.
CVE-2022-48426
In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible
CVE-2020-15829
In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs.
CVE-2022-46830
In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.
CVE-2022-40979
In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable
CVE-2023-43566
In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration
CVE-2024-56352
In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page
CVE-2021-37546
In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used.
CVE-2022-38133
In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases
CVE-2024-28174
In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly
CVE-2022-48428
In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible
CVE-2024-39878
In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection
CVE-2019-18363
In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances.
CVE-2024-36369
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via issue tracker integration was possible
CVE-2019-18367
In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.
CVE-2021-25772
In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration.
CVE-2024-41825
In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab
CVE-2024-56354
In JetBrains TeamCity before 2024.12 password field values were accessible to users with view settings permission
CVE-2024-56355
In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS
CVE-2014-10002
Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors.
CVE-2022-44622
In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive
CVE-2022-44646
In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings
CVE-2024-36363
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several Stored XSS in code inspection reports were possible
CVE-2024-43810
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin
CVE-2021-25775
In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users.
CVE-2021-31908
In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages.
CVE-2024-35301
In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token
CVE-2024-36373
In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible
CVE-2019-18366
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.
CVE-2021-3315
In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible.
CVE-2024-36375
In JetBrains TeamCity before 2024.03.2 technical information regarding TeamCity server could be exposed
CVE-2020-7910
JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.
CVE-2021-25778
In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly.
CVE-2024-36371
In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possible
CVE-2024-56349
In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs
CVE-2021-43195
In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing.
CVE-2024-24936
In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missing
CVE-2024-43807
In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page
CVE-2024-47950
In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings