30 matches found
CVE-2019-12841
Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. The issue was fixed in TeamCity 2018.2.2.
CVE-2024-27199
In JetBrains TeamCity before 2023.11.4, a path traversal allowing limited admin actions to be performed was possible.
CVE-2019-15042
An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1.
CVE-2022-24341
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user.
CVE-2022-25264
In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.
CVE-2019-15038
An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1.
CVE-2024-41829
In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection
CVE-2021-37545
In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made.
CVE-2020-7909
In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.
CVE-2024-31136
In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter
CVE-2020-35667
The JetBrains TeamCity Plugin before 2020.2.85695 was vulnerable to SSRF, which could potentially expose user credentials.
CVE-2024-29880
In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process
CVE-2025-31141
In JetBrains TeamCity before 2025.03, an exception could lead to credential leakage on the Cloud Profiles page.
CVE-2021-37548
In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS.
CVE-2021-43196
In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible.
CVE-2023-34227
In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks
CVE-2024-36378
In JetBrains TeamCity before 2024.03.2, the server was susceptible to DoS attacks with incorrect auth tokens.
CVE-2024-56356
In JetBrains TeamCity before 2024.12, an insecure XMLParser configuration could lead to a potential XXE attack.
CVE-2021-26310
In the TeamCity IntelliJ plugin before 2020.2.2.85899, DoS was possible.
CVE-2020-11688
In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.
CVE-2022-44623
In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings
CVE-2022-44624
In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters
CVE-2020-11687
In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.
CVE-2024-47948
In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups
CVE-2021-25776
In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters.
CVE-2021-31910
In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible.
CVE-2021-31913
In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange.
CVE-2024-47949
In JetBrains TeamCity before 2024.07.3, a path traversal allowed a backup file to be written to an arbitrary location.
CVE-2023-39174
In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers
CVE-2024-43114
In JetBrains TeamCity before 2024.07.1, privilege escalation was possible due to incorrect directory permissions.