Skip to main content

Teamcity

241 CVEs product

Monthly

CVE-2024-35301 MEDIUM This Month

In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-35300 MEDIUM This Month

In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-31140 MEDIUM This Month

In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-31139 HIGH This Week

In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Teamcity
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-31138 MEDIUM This Month

In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
74.5%
CVE-2024-31137 MEDIUM This Month

In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-31136 HIGH This Week

In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2024-31135 MEDIUM This Month

In JetBrains TeamCity before 2024.03 open redirect was possible on the login page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-31134 MEDIUM This Month

In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-29880 HIGH This Week

In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-28174 MEDIUM This Month

In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
5.8
EPSS
0.3%
CVE-2024-28173 MEDIUM This Month

In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-27198 CRITICAL POC KEV THREAT Emergency

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Teamcity
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.9%
CVE-2024-24942 MEDIUM This Month

In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Teamcity
NVD
CVSS 3.1
5.3
EPSS
32.0%
CVE-2024-24938 MEDIUM This Month

In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-24937 MEDIUM This Month

In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-24936 MEDIUM This Month

In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-23917 CRITICAL POC THREAT Act Now

In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
9.8
EPSS
53.7%
CVE-2023-50870 HIGH This Week

In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Teamcity
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-43566 MEDIUM This Month

In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-42793 CRITICAL POC KEV THREAT Emergency

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Teamcity
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2023-41250 MEDIUM This Month

In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41249 MEDIUM This Month

In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
53.1%
CVE-2023-41248 MEDIUM This Month

In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-39175 MEDIUM This Month

In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-39174 HIGH This Week

In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Teamcity
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-39173 HIGH This Week

In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-38067 MEDIUM This Month

In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-38066 MEDIUM This Month

In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-38065 MEDIUM This Month

In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2023-38064 MEDIUM This Month

In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-38063 MEDIUM This Month

In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2023-38062 MEDIUM This Month

In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2023-38061 MEDIUM This Month

In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2023-34229 MEDIUM This Month

In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2023-34228 MEDIUM This Month

In JetBrains TeamCity before 2023.05 authentication checks were missing - 2FA was not checked for some sensitive account actions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-34227 HIGH This Week

In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-34226 MEDIUM This Month

In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-34225 MEDIUM This Month

In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
60.7%
CVE-2023-34224 MEDIUM This Month

In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Teamcity
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-34223 MEDIUM This Month

In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2023-34222 MEDIUM This Month

In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-34221 MEDIUM This Month

In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2023-34220 MEDIUM This Month

In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
61.2%
CVE-2023-34219 MEDIUM This Month

In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-34218 CRITICAL Act Now

In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-46831 MEDIUM This Month

In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2022-46830 MEDIUM This Month

In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-44646 MEDIUM This Month

In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-44624 HIGH This Week

In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-44623 HIGH This Week

In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-44622 MEDIUM This Month

In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-40979 MEDIUM This Month

In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-38133 MEDIUM This Month

In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-36322 HIGH This Week

In JetBrains TeamCity before 2022.04.2 build parameter injection was possible. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Teamcity
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-36321 MEDIUM This Month

In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2022-29929 MEDIUM This Month

In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-29928 MEDIUM This Month

In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2022-29927 MEDIUM This Month

In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2022-25264 HIGH This Week

In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-25263 CRITICAL Act Now

JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Teamcity
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-25261 MEDIUM This Month

JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-24342 HIGH This Week

In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Teamcity
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2022-24341 HIGH This Week

In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-24340 CRITICAL Act Now

In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Teamcity
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-24339 MEDIUM This Month

JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-24338 MEDIUM This Month

JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-24337 MEDIUM This Month

In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Teamcity
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-24336 MEDIUM This Month

In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-24335 HIGH This Week

JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2022-24334 MEDIUM This Month

In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-24333 MEDIUM This Month

In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Teamcity
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-24332 MEDIUM This Month

In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-24331 CRITICAL Act Now

In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure Teamcity
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-24330 MEDIUM This Month

In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-43202 CRITICAL Act Now

In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-43201 MEDIUM This Month

In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-43200 CRITICAL Act Now

In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-43199 MEDIUM This Month

In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-43198 MEDIUM This Month

In JetBrains TeamCity before 2021.1.2, stored XSS is possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2021-43197 MEDIUM This Month

In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-43196 HIGH This Week

In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-43195 MEDIUM This Month

In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-43194 MEDIUM This Month

In JetBrains TeamCity before 2021.1.2, user enumeration was possible. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-43193 CRITICAL Act Now

In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Teamcity
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-37548 HIGH This Week

In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-37547 MEDIUM This Month

In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-37546 MEDIUM This Month

In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-37545 HIGH This Week

In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-37544 CRITICAL Act Now

In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Teamcity
NVD
CVSS 3.1
9.8
EPSS
1.2%
EPSS 0% CVSS 5.5
MEDIUM This Month

In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 0% CVSS 8.1
HIGH This Week

In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Teamcity
NVD
EPSS 74% CVSS 5.4
MEDIUM This Month

In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 1% CVSS 7.4
HIGH This Week

In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Teamcity
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

In JetBrains TeamCity before 2024.03 open redirect was possible on the login page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Teamcity
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Teamcity
NVD Exploit-DB
EPSS 32% CVSS 5.3
MEDIUM This Month

In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Teamcity
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Teamcity
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
EPSS 54% CVSS 9.8
CRITICAL POC THREAT Act Now

In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
EPSS 0% CVSS 8.8
HIGH This Week

In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Teamcity
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Teamcity
NVD Exploit-DB
EPSS 0% CVSS 6.1
MEDIUM This Month

In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 53% CVSS 6.1
MEDIUM This Month

In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Teamcity
NVD
EPSS 0% CVSS 8.8
HIGH This Week

In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS Teamcity
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In JetBrains TeamCity before 2023.05 authentication checks were missing - 2FA was not checked for some sensitive account actions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 61% CVSS 5.4
MEDIUM This Month

In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Teamcity
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 61% CVSS 5.4
MEDIUM This Month

In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Teamcity
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In JetBrains TeamCity before 2022.04.2 build parameter injection was possible. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Teamcity
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Teamcity
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 3% CVSS 8.8
HIGH This Week

In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Teamcity
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Teamcity
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Teamcity
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 8.1
HIGH This Week

JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Teamcity
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure Teamcity
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Teamcity
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Teamcity
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

In JetBrains TeamCity before 2021.1.2, stored XSS is possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Teamcity
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In JetBrains TeamCity before 2021.1.2, user enumeration was possible. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Teamcity
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Teamcity
NVD
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy