Skip to main content

Teamcity

241 CVEs product

Monthly

CVE-2021-37542 MEDIUM This Month

In JetBrains TeamCity before 2020.2.3, XSS was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-31915 CRITICAL Act Now

In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Teamcity
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-31914 CRITICAL Act Now

In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Teamcity
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-31913 HIGH This Week

In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-31912 HIGH This Week

In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-31911 MEDIUM This Month

In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-31910 HIGH This Week

In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-3315 MEDIUM This Month

In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-31909 CRITICAL Act Now

In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Teamcity
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-31908 MEDIUM This Month

In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-31907 MEDIUM This Month

In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-31906 LOW Monitor

In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
2.7
EPSS
0.6%
CVE-2021-31904 MEDIUM This Month

In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-26310 HIGH This Week

In the TeamCity IntelliJ plugin before 2020.2.2.85899, DoS was possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-26309 LOW Monitor

Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had Insecure Permissions. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-25778 MEDIUM This Month

In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-25777 MEDIUM This Month

In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-25776 HIGH This Week

In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-25775 LOW Monitor

In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
3.8
EPSS
0.6%
CVE-2021-25774 MEDIUM This Month

In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-25773 MEDIUM This Month

JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-25772 MEDIUM This Month

In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-27627 MEDIUM This Month

JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-27629 MEDIUM This Month

In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-27628 MEDIUM This Month

In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-15831 MEDIUM This Month

JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-15830 MEDIUM This Month

JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-15829 MEDIUM This Month

In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-15828 MEDIUM This Month

In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-15826 MEDIUM This Month

In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Teamcity
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2020-15825 HIGH This Week

In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-11938 MEDIUM This Month

In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2020-11689 MEDIUM This Month

In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Teamcity
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-11688 HIGH This Week

In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-11687 HIGH This Week

In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-11686 LOW Monitor

In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
2.7
EPSS
0.7%
CVE-2020-7911 MEDIUM This Month

In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-7910 MEDIUM This Month

JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-7909 HIGH This Week

In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-7908 MEDIUM This Month

In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Teamcity
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2019-18367 MEDIUM This Month

In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2019-18366 MEDIUM This Month

In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Teamcity
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2019-18365 MEDIUM This Month

In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Teamcity
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2019-18364 CRITICAL Act Now

In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE Deserialization Teamcity
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2019-18363 MEDIUM This Month

In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2019-15037 MEDIUM This Month

An issue was discovered in JetBrains TeamCity 2018.2.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-15036 HIGH This Week

An issue was discovered in JetBrains TeamCity 2018.2.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Teamcity
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2019-12157 CRITICAL Act Now

In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity Upsource
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2019-15035 MEDIUM This Month

An issue was discovered in JetBrains TeamCity 2018.2.4. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2019-15042 HIGH This Week

An issue was discovered in JetBrains TeamCity 2018.2.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-15038 HIGH This Week

An issue was discovered in JetBrains TeamCity 2018.2.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-15039 CRITICAL POC THREAT Act Now

An issue was discovered in JetBrains TeamCity 2018.2.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Teamcity
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
12.9%
CVE-2019-15848 MEDIUM PATCH This Month

JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Teamcity
NVD GitHub
CVSS 3.0
6.1
EPSS
1.4%
CVE-2019-12846 MEDIUM This Month

A user without the required permissions could gain access to some JetBrains TeamCity settings. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.0
4.3
EPSS
0.8%
CVE-2019-12845 MEDIUM This Month

The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.0
5.3
EPSS
0.9%
CVE-2019-12844 MEDIUM This Month

A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Teamcity
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-12843 MEDIUM This Month

A possible stored JavaScript injection requiring a deliberate server administrator action was detected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Teamcity
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-12842 MEDIUM This Month

A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-12841 HIGH This Week

Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2014-10036 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Teamcity
NVD
CVSS 2.0
4.3
EPSS
0.0%
CVE-2014-10002 MEDIUM This Month

Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 2.0
5.0
EPSS
0.0%
EPSS 1% CVSS 6.1
MEDIUM This Month

In JetBrains TeamCity before 2020.2.3, XSS was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Teamcity
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Teamcity
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Teamcity
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Information Disclosure Teamcity
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Teamcity
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 2.7
LOW Monitor

In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 2% CVSS 7.5
HIGH This Week

In the TeamCity IntelliJ plugin before 2020.2.2.85899, DoS was possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had Insecure Permissions. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 3.8
LOW Monitor

In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Teamcity
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Teamcity
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Teamcity
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 2.7
LOW Monitor

In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Teamcity
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Teamcity
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Teamcity
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Teamcity
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE Deserialization +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

An issue was discovered in JetBrains TeamCity 2018.2.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 2% CVSS 7.2
HIGH This Week

An issue was discovered in JetBrains TeamCity 2018.2.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Teamcity
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity Upsource
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

An issue was discovered in JetBrains TeamCity 2018.2.4. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in JetBrains TeamCity 2018.2.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in JetBrains TeamCity 2018.2.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 13% CVSS 9.8
CRITICAL POC THREAT Act Now

An issue was discovered in JetBrains TeamCity 2018.2.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Teamcity
NVD Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Teamcity
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM This Month

A user without the required permissions could gain access to some JetBrains TeamCity settings. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Teamcity
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A possible stored JavaScript injection requiring a deliberate server administrator action was detected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Teamcity
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Teamcity
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy