Teamcity Security Vulnerabilities and Issues — Teamcity CVE List

Lucene search

JetbrainsTeamcity

35 matches found

CVE•added 2023/09/19 5:15 p.m.•3063 views

CVE-2023-42793

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible

9.8CVSS9.6AI score0.94584EPSS

CVE•added 2023/05/31 2:15 p.m.•70 views

CVE-2023-34218

In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible

9.8CVSS9.3AI score0.00003EPSS

CVE•added 2023/03/27 5:15 p.m.•57 views

CVE-2022-48427

In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was possible

5.4CVSS5.2AI score0.00096EPSS

CVE•added 2023/02/23 4:15 p.m.•51 views

CVE-2022-48343

In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.

6.1CVSS5.9AI score0.05024EPSS

CVE•added 2023/03/27 4:15 p.m.•51 views

CVE-2022-48426

In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible

5.4CVSS5.2AI score0.00094EPSS

CVE•added 2023/09/19 5:15 p.m.•49 views

CVE-2023-43566

In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration

5.4CVSS5.2AI score0.00099EPSS

CVE•added 2023/02/23 4:15 p.m.•47 views

CVE-2022-48344

In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.

6.1CVSS5.9AI score0.00088EPSS

CVE•added 2023/03/27 5:15 p.m.•46 views

CVE-2022-48428

In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible

5.4CVSS5.2AI score0.07231EPSS

CVE•added 2023/05/31 2:15 p.m.•44 views

CVE-2023-34227

In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks

7.5CVSS7.4AI score0.00007EPSS

CVE•added 2023/02/23 4:15 p.m.•43 views

CVE-2022-48342

In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.

9.8CVSS9.4AI score0.00003EPSS

CVE•added 2023/07/25 3:15 p.m.•43 views

CVE-2023-39173

In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access

8.8CVSS8.7AI score0.00042EPSS

CVE•added 2023/07/25 3:15 p.m.•43 views

CVE-2023-39175

In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible

6.1CVSS6AI score0.2547EPSS

CVE•added 2023/05/31 2:15 p.m.•42 views

CVE-2023-34224

In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible

4.8CVSS5.2AI score0.00003EPSS

CVE•added 2023/05/31 2:15 p.m.•38 views

CVE-2023-34229

In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible

5.4CVSS5AI score0.00103EPSS

CVE•added 2023/07/12 1:15 p.m.•38 views

CVE-2023-38065

In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible

5.4CVSS5.2AI score0.50447EPSS

CVE•added 2023/12/15 2:15 p.m.•38 views

CVE-2023-50870

In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible

8.8CVSS8.6AI score0.00008EPSS

CVE•added 2023/05/31 2:15 p.m.•37 views

CVE-2023-34222

In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible

6.1CVSS5.9AI score0.00055EPSS

CVE•added 2023/08/25 1:15 p.m.•37 views

CVE-2023-41248

In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration

5.4CVSS5.2AI score0.01017EPSS

CVE•added 2023/05/31 2:15 p.m.•36 views

CVE-2023-34228

In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions

6.5CVSS6.6AI score0.00003EPSS

CVE•added 2023/07/25 3:15 p.m.•36 views

CVE-2023-39174

In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers

7.5CVSS7.5AI score0.00002EPSS

CVE•added 2023/05/31 2:15 p.m.•35 views

CVE-2023-34219

In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API

4.3CVSS4.6AI score0.00003EPSS

CVE•added 2023/05/31 2:15 p.m.•35 views

CVE-2023-34223

In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases

5.3CVSS5.3AI score0.00007EPSS

CVE•added 2023/07/12 1:15 p.m.•34 views

CVE-2023-38061

In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible

5.4CVSS5.2AI score0.50447EPSS

CVE•added 2023/07/12 1:15 p.m.•34 views

CVE-2023-38064

In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log

6.5CVSS6.4AI score0.00006EPSS

CVE•added 2023/07/12 1:15 p.m.•34 views

CVE-2023-38067

In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log

6.5CVSS6.4AI score0.00006EPSS

CVE•added 2023/08/25 1:15 p.m.•34 views

CVE-2023-41250

In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration

6.1CVSS6AI score0.00322EPSS

CVE•added 2023/05/31 2:15 p.m.•33 views

CVE-2023-34226

In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible

6.1CVSS5.9AI score0.00055EPSS

CVE•added 2023/06/29 3:15 p.m.•32 views

CVE-2015-1313

JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.

6.5CVSS6.4AI score0.00002EPSS

CVE•added 2023/05/31 2:15 p.m.•32 views

CVE-2023-34225

In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible

5.4CVSS5.2AI score0.0772EPSS

CVE•added 2023/07/12 1:15 p.m.•32 views

CVE-2023-38063

In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible

5.4CVSS5.2AI score0.50447EPSS

CVE•added 2023/05/31 2:15 p.m.•31 views

CVE-2023-34220

In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible

5.4CVSS5.2AI score0.05849EPSS

CVE•added 2023/05/31 2:15 p.m.•31 views

CVE-2023-34221

In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible

5.4CVSS5.2AI score0.00103EPSS

CVE•added 2023/07/12 1:15 p.m.•31 views

CVE-2023-38066

In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads

6.1CVSS5.9AI score0.3085EPSS

CVE•added 2023/08/25 1:15 p.m.•30 views

CVE-2023-41249

In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step

6.1CVSS6AI score0.87314EPSS

CVE•added 2023/07/12 1:15 p.m.•28 views

CVE-2023-38062

In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations

6.5CVSS6.4AI score0.00006EPSS