Teamcity Security Vulnerabilities and Issues — Teamcity CVE List

Lucene search

JetbrainsTeamcity

61 matches found

CVE•added 2019/07/03 8:15 p.m.•247 views

CVE-2019-12843

A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3.

6.1CVSS6.3AI score0.00004EPSS

CVE•added 2019/07/03 8:15 p.m.•247 views

CVE-2019-12844

A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.3.

6.1CVSS6.3AI score0.00004EPSS

CVE•added 2019/07/03 8:15 p.m.•238 views

CVE-2019-12842

A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.2.

6.1CVSS5.9AI score0.00008EPSS

CVE•added 2022/02/25 3:15 p.m.•93 views

CVE-2022-24333

In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.

6.5CVSS6.4AI score0.00002EPSS

CVE•added 2019/09/05 8:15 p.m.•88 views

CVE-2019-15848

JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user.

6.1CVSS6AI score0.00007EPSS

CVE•added 2024/10/08 4:15 p.m.•88 views

CVE-2024-47161

In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API

6.5CVSS4.9AI score0.00003EPSS

CVE•added 2022/02/25 3:15 p.m.•86 views

CVE-2022-24338

JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.

6.1CVSS6.2AI score0.00011EPSS

CVE•added 2022/02/25 3:15 p.m.•82 views

CVE-2022-24330

In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.

6.1CVSS6.1AI score0.00003EPSS

CVE•added 2022/02/25 3:15 p.m.•80 views

CVE-2022-24337

In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.

6.5CVSS6.4AI score0.00002EPSS

CVE•added 2022/05/12 9:15 a.m.•75 views

CVE-2022-29929

In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible

6.1CVSS5.9AI score0.00014EPSS

CVE•added 2022/02/25 8:15 p.m.•72 views

CVE-2022-25261

JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS.

6.1CVSS6.2AI score0.00011EPSS

CVE•added 2022/05/12 9:15 a.m.•72 views

CVE-2022-29927

In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible

6.1CVSS6AI score0.00005EPSS

CVE•added 2020/08/08 9:15 p.m.•59 views

CVE-2020-15828

In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions.

6.5CVSS6.4AI score0.00003EPSS

CVE•added 2024/03/28 3:15 p.m.•58 views

CVE-2024-31137

In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration

6.8CVSS6AI score0.00136EPSS

CVE•added 2022/07/20 1:15 p.m.•54 views

CVE-2022-36321

In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases

6.5CVSS6.4AI score0.00008EPSS

CVE•added 2025/03/27 12:15 p.m.•54 views

CVE-2025-31139

In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log

6.5CVSS4.8AI score0.00001EPSS

CVE•added 2023/02/23 4:15 p.m.•51 views

CVE-2022-48343

In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.

6.1CVSS5.9AI score0.05024EPSS

CVE•added 2024/03/28 3:15 p.m.•51 views

CVE-2024-31135

In JetBrains TeamCity before 2024.03 open redirect was possible on the login page

6.1CVSS6.8AI score0.00151EPSS

CVE•added 2020/08/08 9:15 p.m.•50 views

CVE-2020-15831

JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI.

6.1CVSS5.9AI score0.00007EPSS

CVE•added 2022/12/08 6:15 p.m.•50 views

CVE-2022-46831

In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.

6.6CVSS5.1AI score0.00003EPSS

CVE•added 2025/01/21 6:15 p.m.•50 views

CVE-2025-24461

In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint

6.5CVSS7AI score0.00001EPSS

CVE•added 2025/04/25 3:15 p.m.•50 views

CVE-2025-46618

In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab

6.1CVSS6AI score0.00027EPSS

CVE•added 2020/08/08 9:15 p.m.•49 views

CVE-2020-15830

JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI.

6.1CVSS5.9AI score0.00006EPSS

CVE•added 2021/08/06 2:15 p.m.•48 views

CVE-2021-37542

In JetBrains TeamCity before 2020.2.3, XSS was possible.

6.1CVSS5.9AI score0.00012EPSS

CVE•added 2024/03/28 3:15 p.m.•48 views

CVE-2024-31134

In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled

6.5CVSS6.7AI score0.00007EPSS

CVE•added 2024/05/16 11:15 a.m.•48 views

CVE-2024-35302

In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible

6.1CVSS5.8AI score0.26356EPSS

CVE•added 2025/01/21 6:15 p.m.•48 views

CVE-2025-24459

In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page

6.1CVSS6.2AI score0.01355EPSS

CVE•added 2025/03/27 12:15 p.m.•48 views

CVE-2025-31140

In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page

6.1CVSS6AI score0.00101EPSS

CVE•added 2023/02/23 4:15 p.m.•47 views

CVE-2022-48344

In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.

6.1CVSS5.9AI score0.00088EPSS

CVE•added 2025/02/11 2:15 p.m.•47 views

CVE-2025-26493

In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab

6.1CVSS4.7AI score0.01921EPSS

CVE•added 2025/04/25 3:15 p.m.•47 views

CVE-2025-46432

In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs

6.5CVSS7.2AI score0.00002EPSS

CVE•added 2020/01/30 6:15 p.m.•46 views

CVE-2020-7911

In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS.

6.1CVSS6.2AI score0.00007EPSS

CVE•added 2024/05/29 2:15 p.m.•46 views

CVE-2024-36362

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal allowing to read files from server was possible

6.5CVSS6.6AI score0.00006EPSS

CVE•added 2024/05/29 2:15 p.m.•46 views

CVE-2024-36366

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via certain report grouping and filtering operations

6.1CVSS6AI score0.13735EPSS

CVE•added 2024/05/16 11:15 a.m.•45 views

CVE-2024-35300

In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible

6.1CVSS5.8AI score0.00139EPSS

CVE•added 2024/05/29 2:15 p.m.•44 views

CVE-2024-36364

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible

6.5CVSS6.8AI score0.00004EPSS

CVE•added 2023/07/25 3:15 p.m.•43 views

CVE-2023-39175

In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible

6.1CVSS6AI score0.2547EPSS

CVE•added 2024/07/22 3:15 p.m.•43 views

CVE-2024-41824

In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific cases

6.5CVSS6.9AI score0.00007EPSS

CVE•added 2024/07/22 3:15 p.m.•42 views

CVE-2024-41828

In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time

6.5CVSS7AI score0.00003EPSS

CVE•added 2024/08/16 3:15 p.m.•42 views

CVE-2024-43809

In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page

6.1CVSS6.2AI score0.0008EPSS

CVE•added 2021/02/03 4:15 p.m.•41 views

CVE-2021-25773

JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages.

6.1CVSS6AI score0.00007EPSS

CVE•added 2024/12/20 3:15 p.m.•41 views

CVE-2024-56353

In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies

6.5CVSS7.1AI score0.00002EPSS

CVE•added 2020/04/22 2:15 p.m.•40 views

CVE-2020-11689

In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.

6.5CVSS6.3AI score0.00002EPSS

CVE•added 2021/11/09 3:15 p.m.•40 views

CVE-2021-43197

In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS.

6.1CVSS6.2AI score0.00012EPSS

CVE•added 2024/05/29 2:15 p.m.•40 views

CVE-2024-36367

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via third-party reports was possible

6.1CVSS5.6AI score0.09868EPSS

CVE•added 2020/11/16 4:15 p.m.•39 views

CVE-2020-27627

JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.

6.1CVSS6.5AI score0.00003EPSS

CVE•added 2021/05/11 1:15 p.m.•39 views

CVE-2021-31911

In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages.

6.1CVSS6AI score0.00015EPSS

CVE•added 2024/05/29 2:15 p.m.•39 views

CVE-2024-36372

In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible

6.1CVSS6AI score0.0585EPSS

CVE•added 2023/05/31 2:15 p.m.•37 views

CVE-2023-34222

In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible

6.1CVSS5.9AI score0.00055EPSS

CVE•added 2021/05/11 12:15 p.m.•36 views

CVE-2021-31904

In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page.

6.1CVSS6AI score0.00011EPSS

Total number of security vulnerabilities61