34 matches found
CVE-2025-31139
In JetBrains TeamCity before 2025.03 base64-encoded password could be exposed in build log
CVE-2025-24461
In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint
CVE-2025-26492
In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources
CVE-2025-46618
In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab
CVE-2025-24459
In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page
CVE-2025-31140
In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page
CVE-2025-31141
In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page
CVE-2025-46432
In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs
CVE-2025-26493
In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab
CVE-2025-46433
In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible
CVE-2025-24460
In JetBrains TeamCity before 2024.12.1 improper access control allowed users to see projects’ names in the agent pool
CVE-2025-47854
In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page
CVE-2025-47852
In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible
CVE-2025-47851
In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible
CVE-2025-47853
In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible
CVE-2025-57732
In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership
CVE-2025-54529
In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration
CVE-2025-54536
In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint
CVE-2025-52875
In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible
CVE-2025-52877
In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible
CVE-2025-52879
In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible
CVE-2025-54530
In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions
CVE-2025-57734
In JetBrains TeamCity before 2025.07.1 AWS credentials were exposed in Docker script files
CVE-2025-52876
In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible
CVE-2025-54528
In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow
CVE-2025-54531
In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows
CVE-2025-54532
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies
CVE-2025-54533
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration
CVE-2025-54534
In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page
CVE-2025-54535
In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms
CVE-2025-54537
In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots
CVE-2025-54538
In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" command
CVE-2025-57733
In JetBrains TeamCity before 2025.07.1 SMTP injection was possible, allowing modification of email content
CVE-2025-52878
In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions