12 matches found
CVE-2022-24342
In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible.
CVE-2022-24335
JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC.
CVE-2024-36377
In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions.
CVE-2024-31139
In JetBrains TeamCity before 2024.03 XXE was possible in the Maven build steps detector.
CVE-2020-15825
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.
CVE-2024-56351
In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles.
CVE-2021-31912
In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset.
CVE-2022-36322
In JetBrains TeamCity before 2022.04.2 build parameter injection was possible.
CVE-2024-36365
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a third-party agent could impersonate a cloud agent.
CVE-2023-39173
In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access.
CVE-2024-36376
In JetBrains TeamCity before 2024.03.2 users could perform actions that should not be available to them based on their permissions.
CVE-2023-50870
In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible.