Teamcity Security Vulnerabilities and Issues — Teamcity CVE List

Lucene search

JetbrainsTeamcity

22 matches found

CVE•added 2023/09/19 5:15 p.m.•3060 views

CVE-2023-42793

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible

9.8CVSS9.6AI score0.94584EPSS

CVE•added 2024/03/04 6:15 p.m.•476 views

CVE-2024-27198

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible

9.8CVSS9.6AI score0.94577EPSS

CVE•added 2024/02/06 10:15 a.m.•195 views

CVE-2024-23917

In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible

9.8CVSS9.7AI score0.94377EPSS

CVE•added 2019/10/01 2:15 p.m.•103 views

CVE-2019-15039

An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.

9.8CVSS9.6AI score0.00229EPSS

CVE•added 2022/02/25 3:15 p.m.•88 views

CVE-2022-24331

In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.

9.8CVSS9.5AI score0.00006EPSS

CVE•added 2021/05/11 1:15 p.m.•86 views

CVE-2021-31915

In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible.

9.8CVSS9.9AI score0.00158EPSS

CVE•added 2022/02/25 3:15 p.m.•80 views

CVE-2022-24340

In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.

9.8CVSS9.4AI score0.00005EPSS

CVE•added 2022/02/25 8:15 p.m.•79 views

CVE-2022-25263

JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration.

9.8CVSS9.7AI score0.00062EPSS

CVE•added 2023/05/31 2:15 p.m.•70 views

CVE-2023-34218

In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible

9.8CVSS9.3AI score0.00003EPSS

CVE•added 2025/02/11 2:15 p.m.•50 views

CVE-2025-26492

In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources

9.1CVSS7.5AI score0.00001EPSS

CVE•added 2019/10/31 3:15 p.m.•49 views

CVE-2019-18364

In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.

9.8CVSS9.7AI score0.00048EPSS

CVE•added 2021/08/06 2:15 p.m.•49 views

CVE-2021-37544

In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.

9.8CVSS9.4AI score0.00015EPSS

CVE•added 2021/11/09 3:15 p.m.•48 views

CVE-2021-43193

In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.

9.8CVSS9.7AI score0.00017EPSS

CVE•added 2025/04/25 3:15 p.m.•45 views

CVE-2025-46433

In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible

9.8CVSS7.2AI score0.00002EPSS

CVE•added 2019/10/02 7:15 p.m.•44 views

CVE-2019-15036

An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1.

9CVSS7.1AI score0.00007EPSS

CVE•added 2024/05/29 2:15 p.m.•44 views

CVE-2024-36470

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge cases

9.8CVSS7.1AI score0.00002EPSS

CVE•added 2024/07/22 3:15 p.m.•44 views

CVE-2024-41827

In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration

9.8CVSS7AI score0.00003EPSS

CVE•added 2023/02/23 4:15 p.m.•43 views

CVE-2022-48342

In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.

9.8CVSS9.4AI score0.00003EPSS

CVE•added 2021/05/11 12:15 p.m.•42 views

CVE-2021-31909

In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible.

9.8CVSS9.8AI score0.00149EPSS

CVE•added 2021/11/09 3:15 p.m.•37 views

CVE-2021-43200

In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient.

9.8CVSS9.4AI score0.00006EPSS

CVE•added 2021/11/30 4:15 p.m.•36 views

CVE-2021-43202

In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.

9.8CVSS9.4AI score0.00006EPSS

CVE•added 2021/05/11 1:15 p.m.•32 views

CVE-2021-31914

In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible.

9.8CVSS9.6AI score0.0004EPSS