29 matches found
CVE-2022-24336
In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.
CVE-2022-24333
In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.
CVE-2022-24342
In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible.
CVE-2022-24331
In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.
CVE-2022-29928
In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible
CVE-2022-24338
JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.
CVE-2022-24341
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user.
CVE-2022-24330
In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.
CVE-2022-24335
JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC.
CVE-2022-25264
In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.
CVE-2022-24337
In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.
CVE-2022-24340
In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.
CVE-2022-24332
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.
CVE-2022-25263
JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration.
CVE-2022-24334
In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server.
CVE-2022-29929
In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible
CVE-2022-24339
JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.
CVE-2022-25261
JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS.
CVE-2022-29927
In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible
CVE-2022-36321
In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases
CVE-2022-46830
In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.
CVE-2022-46831
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.
CVE-2022-40979
In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable
CVE-2022-38133
In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases
CVE-2022-36322
In JetBrains TeamCity before 2022.04.2 build parameter injection was possible
CVE-2022-44622
In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive
CVE-2022-44646
In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings
CVE-2022-44623
In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings
CVE-2022-44624
In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters