Teamcity Security Vulnerabilities and Issues — Teamcity CVE List

Lucene search

JetbrainsTeamcity

65 matches found

CVE•added 2024/03/04 6:15 p.m.•477 views

CVE-2024-27198

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible

9.8CVSS9.6AI score0.94577EPSS

CVE•added 2024/02/06 10:15 a.m.•196 views

CVE-2024-23917

In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible

9.8CVSS9.7AI score0.94377EPSS

CVE•added 2024/03/04 6:15 p.m.•178 views

CVE-2024-27199

In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible

7.3CVSS8.3AI score0.94489EPSS

CVE•added 2024/10/08 4:15 p.m.•88 views

CVE-2024-47161

In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API

6.5CVSS4.9AI score0.00003EPSS

CVE•added 2024/05/29 2:15 p.m.•71 views

CVE-2024-36368

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 reflected XSS via OAuth provider configuration was possible

5.4CVSS5.8AI score0.00477EPSS

CVE•added 2024/05/29 2:15 p.m.•68 views

CVE-2024-36370

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was possible

5.4CVSS5.5AI score0.25974EPSS

CVE•added 2024/07/22 3:15 p.m.•68 views

CVE-2024-41829

In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection

7.5CVSS7.2AI score0.00002EPSS

CVE•added 2024/05/29 2:15 p.m.•67 views

CVE-2024-36377

In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions

8.1CVSS7.2AI score0.00003EPSS

CVE•added 2024/03/28 3:15 p.m.•58 views

CVE-2024-31137

In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration

6.8CVSS6AI score0.00136EPSS

CVE•added 2024/03/28 3:15 p.m.•57 views

CVE-2024-31139

In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector

8.1CVSS6.8AI score0.00003EPSS

CVE•added 2024/03/28 3:15 p.m.•56 views

CVE-2024-31138

In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings

5.4CVSS5.5AI score0.8781EPSS

CVE•added 2024/07/01 5:15 p.m.•55 views

CVE-2024-39879

In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings

5.3CVSS5.2AI score0.00002EPSS

CVE•added 2024/02/06 10:15 a.m.•53 views

CVE-2024-24942

In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives

5.3CVSS5.3AI score0.00094EPSS

CVE•added 2024/12/20 3:15 p.m.•52 views

CVE-2024-56351

In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles

8.8CVSS7AI score0.0006EPSS

CVE•added 2024/03/28 3:15 p.m.•51 views

CVE-2024-31135

In JetBrains TeamCity before 2024.03 open redirect was possible on the login page

6.1CVSS6.8AI score0.00151EPSS

CVE•added 2024/03/28 3:15 p.m.•51 views

CVE-2024-31136

In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter

7.4CVSS6.8AI score0.00004EPSS

CVE•added 2024/12/20 3:15 p.m.•49 views

CVE-2024-56352

In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page

5.4CVSS5.9AI score0.13381EPSS

CVE•added 2024/03/06 5:15 p.m.•48 views

CVE-2024-28173

In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed

4.3CVSS4.7AI score0.00005EPSS

CVE•added 2024/03/21 2:15 p.m.•48 views

CVE-2024-29880

In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process

7.8CVSS6.8AI score0.00002EPSS

CVE•added 2024/03/28 3:15 p.m.•48 views

CVE-2024-31134

In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled

6.5CVSS6.7AI score0.00007EPSS

CVE•added 2024/05/16 11:15 a.m.•48 views

CVE-2024-35302

In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible

6.1CVSS5.8AI score0.28951EPSS

CVE•added 2024/03/06 5:15 p.m.•47 views

CVE-2024-28174

In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly

5.8CVSS5.7AI score0.0001EPSS

CVE•added 2024/03/28 3:15 p.m.•46 views

CVE-2024-31140

In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools

4.9CVSS7AI score0.0001EPSS

CVE•added 2024/05/29 2:15 p.m.•46 views

CVE-2024-36362

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal allowing to read files from server was possible

6.5CVSS6.6AI score0.00006EPSS

CVE•added 2024/05/29 2:15 p.m.•46 views

CVE-2024-36366

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via certain report grouping and filtering operations

6.1CVSS6AI score0.1551EPSS

CVE•added 2024/07/01 5:15 p.m.•46 views

CVE-2024-39878

In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection

5.3CVSS4.6AI score0.00002EPSS

CVE•added 2024/07/22 3:15 p.m.•46 views

CVE-2024-41826

In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page

4.8CVSS6AI score0.0013EPSS

CVE•added 2024/12/20 3:15 p.m.•46 views

CVE-2024-56348

In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents

4.3CVSS7AI score0.00002EPSS

CVE•added 2024/05/16 11:15 a.m.•45 views

CVE-2024-35300

In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible

6.1CVSS5.8AI score0.00137EPSS

CVE•added 2024/05/29 2:15 p.m.•45 views

CVE-2024-36365

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a third-party agent could impersonate a cloud agent

8.1CVSS6.8AI score0.00007EPSS

CVE•added 2024/05/29 2:15 p.m.•45 views

CVE-2024-36369

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via issue tracker integration was possible

5.4CVSS5.5AI score0.35584EPSS

CVE•added 2024/05/29 2:15 p.m.•44 views

CVE-2024-36364

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible

6.5CVSS6.8AI score0.00004EPSS

CVE•added 2024/05/29 2:15 p.m.•44 views

CVE-2024-36470

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge cases

9.8CVSS7.1AI score0.00002EPSS

CVE•added 2024/07/22 3:15 p.m.•44 views

CVE-2024-41825

In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab

5.4CVSS4.7AI score0.24472EPSS

CVE•added 2024/07/22 3:15 p.m.•44 views

CVE-2024-41827

In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration

9.8CVSS7AI score0.00003EPSS

CVE•added 2024/12/20 3:15 p.m.•44 views

CVE-2024-56350

In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects

4.3CVSS7AI score0.00002EPSS

CVE•added 2024/12/20 3:15 p.m.•44 views

CVE-2024-56354

In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission

5.5CVSS7.1AI score0.00001EPSS

CVE•added 2024/12/20 3:15 p.m.•44 views

CVE-2024-56355

In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS

5.4CVSS6.1AI score0.13381EPSS

CVE•added 2024/05/29 2:15 p.m.•43 views

CVE-2024-36363

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several Stored XSS in code inspection reports were possible

5.4CVSS6AI score0.35584EPSS

CVE•added 2024/05/29 2:15 p.m.•43 views

CVE-2024-36376

In JetBrains TeamCity before 2024.03.2 users could perform actions that should not be available to them based on their permissions

8.1CVSS6.7AI score0.00003EPSS

CVE•added 2024/05/29 2:15 p.m.•43 views

CVE-2024-36378

In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens

7.5CVSS6.8AI score0.00007EPSS

CVE•added 2024/07/22 3:15 p.m.•43 views

CVE-2024-41824

In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific cases

6.5CVSS6.9AI score0.00007EPSS

CVE•added 2024/08/16 3:15 p.m.•43 views

CVE-2024-43810

In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin

5.4CVSS6.1AI score0.3321EPSS

CVE•added 2024/12/20 3:15 p.m.•43 views

CVE-2024-56356

In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack

7.1CVSS6.9AI score0.00002EPSS

CVE•added 2024/05/16 11:15 a.m.•42 views

CVE-2024-35301

In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token

5.5CVSS6.8AI score0.00012EPSS

CVE•added 2024/05/29 2:15 p.m.•42 views

CVE-2024-36373

In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible

5.4CVSS5.8AI score0.24512EPSS

CVE•added 2024/07/22 3:15 p.m.•42 views

CVE-2024-41828

In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time

6.5CVSS7AI score0.00003EPSS

CVE•added 2024/08/16 3:15 p.m.•42 views

CVE-2024-43809

In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page

6.1CVSS6.2AI score0.0008EPSS

CVE•added 2024/05/29 2:15 p.m.•41 views

CVE-2024-36375

In JetBrains TeamCity before 2024.03.2 technical information regarding TeamCity server could be exposed

5.3CVSS6.5AI score0.00006EPSS

CVE•added 2024/12/20 3:15 p.m.•41 views

CVE-2024-56353

In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies

6.5CVSS7.1AI score0.00002EPSS

Total number of security vulnerabilities65