Teamcity Security Vulnerabilities and Issues — Teamcity CVE List

Lucene search

JetbrainsTeamcity

38 matches found

CVE•added 2021/05/11 1:15 p.m.•86 views

CVE-2021-31915

In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible.

9.8CVSS9.9AI score0.00158EPSS

CVE•added 2021/08/06 2:15 p.m.•55 views

CVE-2021-37545

In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made.

7.5CVSS7.7AI score0.00004EPSS

CVE•added 2021/02/03 4:15 p.m.•52 views

CVE-2021-25774

In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user.

4.3CVSS4.6AI score0.00002EPSS

CVE•added 2021/05/11 12:15 p.m.•51 views

CVE-2021-31906

In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file.

4CVSS4.1AI score0.00002EPSS

CVE•added 2021/05/11 1:15 p.m.•51 views

CVE-2021-31912

In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset.

8.8CVSS8.7AI score0.00006EPSS

CVE•added 2021/08/06 2:15 p.m.•51 views

CVE-2021-37547

In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made.

5.3CVSS5.3AI score0.00004EPSS

CVE•added 2021/08/06 2:15 p.m.•49 views

CVE-2021-37544

In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.

9.8CVSS9.4AI score0.00015EPSS

CVE•added 2021/02/03 4:15 p.m.•48 views

CVE-2020-35667

JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials.

7.5CVSS7.4AI score0.00004EPSS

CVE•added 2021/05/11 12:15 p.m.•48 views

CVE-2021-26309

Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had Insecure Permissions.

3.3CVSS3.9AI score0.00001EPSS

CVE•added 2021/08/06 2:15 p.m.•48 views

CVE-2021-37542

In JetBrains TeamCity before 2020.2.3, XSS was possible.

6.1CVSS5.9AI score0.00012EPSS

CVE•added 2021/08/06 2:15 p.m.•48 views

CVE-2021-37546

In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used.

5.3CVSS5.3AI score0.00003EPSS

CVE•added 2021/11/09 3:15 p.m.•48 views

CVE-2021-43193

In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.

9.8CVSS9.7AI score0.00017EPSS

CVE•added 2021/08/06 2:15 p.m.•47 views

CVE-2021-37548

In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS.

7.5CVSS7.4AI score0.00003EPSS

CVE•added 2021/11/09 3:15 p.m.•45 views

CVE-2021-43196

In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible.

7.5CVSS7.2AI score0.00005EPSS

CVE•added 2021/02/03 4:15 p.m.•44 views

CVE-2021-25772

In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration.

5.3CVSS5.3AI score0.00006EPSS

CVE•added 2021/02/03 4:15 p.m.•42 views

CVE-2021-25775

In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users.

5.5CVSS4.5AI score0.00003EPSS

CVE•added 2021/05/11 12:15 p.m.•42 views

CVE-2021-31908

In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages.

5.4CVSS5.2AI score0.00008EPSS

CVE•added 2021/05/11 12:15 p.m.•42 views

CVE-2021-31909

In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible.

9.8CVSS9.8AI score0.00149EPSS

CVE•added 2021/02/03 4:15 p.m.•41 views

CVE-2021-25773

JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages.

6.1CVSS6AI score0.00007EPSS

CVE•added 2021/05/11 12:15 p.m.•41 views

CVE-2021-26310

In the TeamCity IntelliJ plugin before 2020.2.2.85899, DoS was possible.

7.5CVSS7.5AI score0.00005EPSS

CVE•added 2021/05/11 12:15 p.m.•41 views

CVE-2021-3315

In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible.

5.4CVSS5.2AI score0.00008EPSS

CVE•added 2021/02/03 4:15 p.m.•40 views

CVE-2021-25778

In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly.

5.3CVSS5.3AI score0.00004EPSS

CVE•added 2021/11/09 3:15 p.m.•40 views

CVE-2021-43197

In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS.

6.1CVSS6.2AI score0.00012EPSS

CVE•added 2021/05/11 1:15 p.m.•39 views

CVE-2021-31911

In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages.

6.1CVSS6AI score0.00015EPSS

CVE•added 2021/11/09 3:15 p.m.•39 views

CVE-2021-43195

In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing.

5.3CVSS5.3AI score0.00005EPSS

CVE•added 2021/02/03 4:15 p.m.•38 views

CVE-2021-25776

In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters.

7.5CVSS7.4AI score0.00004EPSS

CVE•added 2021/05/11 1:15 p.m.•38 views

CVE-2021-31910

In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible.

7.5CVSS7.2AI score0.00006EPSS

CVE•added 2021/05/11 1:15 p.m.•38 views

CVE-2021-31913

In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange.

7.5CVSS7.6AI score0.00002EPSS

CVE•added 2021/11/09 3:15 p.m.•38 views

CVE-2021-43198

In JetBrains TeamCity before 2021.1.2, stored XSS is possible.

5.4CVSS5.2AI score0.00013EPSS

CVE•added 2021/11/09 3:15 p.m.•38 views

CVE-2021-43199

In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient.

5.3CVSS5.2AI score0.00004EPSS

CVE•added 2021/11/09 3:15 p.m.•37 views

CVE-2021-43200

In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient.

9.8CVSS9.4AI score0.00006EPSS

CVE•added 2021/05/11 12:15 p.m.•36 views

CVE-2021-31904

In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page.

6.1CVSS6AI score0.00011EPSS

CVE•added 2021/05/11 12:15 p.m.•36 views

CVE-2021-31907

In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly.

5.3CVSS5.4AI score0.00003EPSS

CVE•added 2021/11/30 4:15 p.m.•36 views

CVE-2021-43202

In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.

9.8CVSS9.4AI score0.00006EPSS

CVE•added 2021/02/03 4:15 p.m.•34 views

CVE-2021-25777

In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly.

5.3CVSS5.4AI score0.00003EPSS

CVE•added 2021/11/09 3:15 p.m.•34 views

CVE-2021-43194

In JetBrains TeamCity before 2021.1.2, user enumeration was possible.

5.3CVSS5.3AI score0.00005EPSS

CVE•added 2021/05/11 1:15 p.m.•32 views

CVE-2021-31914

In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible.

9.8CVSS9.6AI score0.0004EPSS

CVE•added 2021/11/09 3:15 p.m.•32 views

CVE-2021-43201

In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project.

5.3CVSS5.2AI score0.00005EPSS