Approved changes feed: RSS · Atom
cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Jetbrains (b1b7db7a-bd16-5477-8e89-fb64c5636fcd) |
|---|---|
| Product | Teamcity (7b9540cf-6355-5a98-8cf5-3933af175178) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-49381 |
vulnerable | 2026-06-03 15:26:24.132286 |
Details available
LOW (3.4)
In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
Published: 2026-05-29T18:15:51.705Z
Updated: 2026-05-29T19:28:20.179Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-49380 |
vulnerable | 2026-06-03 15:26:24.132180 |
Details available
LOW (3.1)
In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible
Published: 2026-05-29T18:15:51.324Z
Updated: 2026-05-29T19:28:34.828Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-49379 |
vulnerable | 2026-06-03 15:26:24.131961 |
Details available
MEDIUM (6.5)
In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names
Published: 2026-05-29T18:15:50.938Z
Updated: 2026-05-29T19:28:49.269Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-49378 |
vulnerable | 2026-06-03 15:26:24.131853 |
Details available
MEDIUM (4.3)
In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion
Published: 2026-05-29T18:15:50.538Z
Updated: 2026-05-29T19:29:03.223Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-49377 |
vulnerable | 2026-06-03 15:26:24.131636 |
Details available
MEDIUM (4.3)
In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters
Published: 2026-05-29T18:15:50.145Z
Updated: 2026-05-29T19:29:16.691Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-49376 |
vulnerable | 2026-06-03 15:26:24.131525 |
Details available
MEDIUM (6.5)
In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin
Published: 2026-05-29T18:15:49.766Z
Updated: 2026-05-29T19:29:30.864Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-49375 |
vulnerable | 2026-06-03 15:26:24.131400 |
Details available
MEDIUM (6.1)
In JetBrains TeamCity before 2026.1,
2025.11.5 reflected XSS was possible on the repository download page
Published: 2026-05-29T18:15:49.375Z
Updated: 2026-05-29T19:29:45.031Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-49374 |
vulnerable | 2026-06-03 15:26:24.131161 |
Details available
HIGH (7.6)
In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters
Published: 2026-05-29T18:15:48.977Z
Updated: 2026-05-29T19:29:59.489Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-49373 |
vulnerable | 2026-06-03 15:26:24.131029 |
Details available
HIGH (7.1)
In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings
Published: 2026-05-29T18:15:48.600Z
Updated: 2026-05-30T03:57:37.194Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-49372 |
vulnerable | 2026-06-03 15:26:24.130747 |
Details available
HIGH (7.5)
In JetBrains TeamCity before 2026.1,
2025.11.5 unauthenticated SSRF via build status was possible
Published: 2026-05-29T18:15:48.229Z
Updated: 2026-05-29T19:30:12.967Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-49371 |
vulnerable | 2026-06-03 15:26:24.130548 |
Details available
HIGH (7.1)
In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
Published: 2026-05-29T18:15:47.806Z
Updated: 2026-05-29T19:30:26.332Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-44413 |
vulnerable | 2026-06-03 15:25:03.130372 |
Details available
HIGH (8.2)
In JetBrains TeamCity before 2026.1
2025.11.5 authenticated users could expose server API to unauthorised access
Published: 2026-05-11T17:42:06.164Z
Updated: 2026-05-11T18:35:23.104Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-28196 |
vulnerable | 2026-06-03 15:18:08.126608 |
Details available
LOW (2.3)
In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk
Published: 2026-02-25T12:57:29.497Z
Updated: 2026-02-25T14:40:40.502Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-28195 |
vulnerable | 2026-06-03 15:18:08.126374 |
Details available
MEDIUM (4.3)
In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations
Published: 2026-02-25T12:57:28.907Z
Updated: 2026-02-25T14:42:36.845Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-28194 |
vulnerable | 2026-06-03 15:18:08.126118 |
Details available
MEDIUM (4.3)
In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow
Published: 2026-02-25T12:57:28.241Z
Updated: 2026-02-25T14:49:54.635Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-68268 |
vulnerable | 2026-06-03 15:11:03.030967 |
Details available
MEDIUM (5.4)
In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page
Published: 2025-12-16T15:27:31.812Z
Updated: 2025-12-16T21:36:52.080Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-68267 |
vulnerable | 2026-06-03 15:11:03.030502 |
Details available
MEDIUM (6.5)
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token
Published: 2025-12-16T15:27:30.812Z
Updated: 2025-12-16T21:36:18.748Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-68166 |
vulnerable | 2026-06-03 15:11:02.959164 |
Details available
MEDIUM (5.4)
In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab
Published: 2025-12-16T15:27:30.309Z
Updated: 2025-12-16T15:52:43.330Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-68165 |
vulnerable | 2026-06-03 15:11:02.958745 |
Details available
MEDIUM (5.4)
In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup
Published: 2025-12-16T15:27:29.303Z
Updated: 2025-12-16T15:52:36.453Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-68164 |
vulnerable | 2026-06-03 15:11:02.958432 |
Details available
LOW (2.7)
In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test
Published: 2025-12-16T15:27:28.681Z
Updated: 2025-12-16T15:52:29.772Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-68163 |
vulnerable | 2026-06-03 15:11:02.958187 |
Details available
LOW (3.5)
In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page
Published: 2025-12-16T15:27:27.919Z
Updated: 2025-12-16T15:52:22.380Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-68162 |
vulnerable | 2026-06-03 15:11:02.957812 |
Details available
LOW (2.7)
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration
Published: 2025-12-16T15:27:27.234Z
Updated: 2025-12-16T15:52:13.965Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-67742 |
vulnerable | 2026-06-03 15:11:02.267856 |
Details available
LOW (3.8)
In JetBrains TeamCity before 2025.11 path traversal was possible via file upload
Published: 2025-12-11T15:19:07.235Z
Updated: 2025-12-11T15:47:06.063Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-67741 |
vulnerable | 2026-06-03 15:11:02.267609 |
Details available
MEDIUM (4.8)
In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute
Published: 2025-12-11T15:19:06.541Z
Updated: 2025-12-11T15:47:47.602Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-67740 |
vulnerable | 2026-06-03 15:11:02.267235 |
Details available
LOW (2.7)
In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata
Published: 2025-12-11T15:19:05.873Z
Updated: 2025-12-11T15:53:02.943Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-67739 |
vulnerable | 2026-06-03 15:11:02.266964 |
Details available
LOW (3.1)
In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure
Published: 2025-12-11T15:19:05.143Z
Updated: 2025-12-11T15:48:41.175Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59457 |
vulnerable | 2026-06-03 15:06:25.149186 |
Details available
HIGH (7.7)
In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows
Published: 2025-09-17T09:04:02.731Z
Updated: 2025-09-17T13:00:52.797Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59456 |
vulnerable | 2026-06-03 15:06:25.148935 |
Details available
MEDIUM (5.5)
In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload
Published: 2025-09-17T09:04:02.094Z
Updated: 2025-09-17T12:59:54.791Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59455 |
vulnerable | 2026-06-03 15:06:25.148621 |
Details available
MEDIUM (4.2)
In JetBrains TeamCity before 2025.07.2 project isolation bypass was possible due to race condition
Published: 2025-09-17T09:04:01.021Z
Updated: 2025-09-17T12:59:24.916Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-57734 |
vulnerable | 2026-06-03 15:04:59.918423 |
Details available
MEDIUM (4.3)
In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files
Published: 2025-08-20T09:14:01.457Z
Updated: 2025-08-20T13:20:01.275Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-57733 |
vulnerable | 2026-06-03 15:04:59.918193 |
Details available
MEDIUM (5.5)
In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content
Published: 2025-08-20T09:14:00.896Z
Updated: 2025-08-20T13:21:10.847Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-57732 |
vulnerable | 2026-06-03 15:04:59.917831 |
Details available
HIGH (7.5)
In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership
Published: 2025-08-20T09:14:00.271Z
Updated: 2026-02-26T17:48:24.783Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-54538 |
vulnerable | 2026-06-03 15:04:56.251231 |
Details available
MEDIUM (5.5)
In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" command
Published: 2025-07-28T16:20:47.459Z
Updated: 2025-07-28T17:23:48.567Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-54537 |
vulnerable | 2026-06-03 15:04:56.250831 |
Details available
MEDIUM (5.5)
In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots
Published: 2025-07-28T16:20:46.792Z
Updated: 2025-07-28T17:28:27.931Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-54536 |
vulnerable | 2026-06-03 15:04:56.250506 |
Details available
MEDIUM (5.4)
In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint
Published: 2025-07-28T16:20:46.257Z
Updated: 2025-07-28T17:28:51.312Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-54535 |
vulnerable | 2026-06-03 15:04:56.250276 |
Details available
MEDIUM (5.8)
In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms
Published: 2025-07-28T16:20:45.628Z
Updated: 2025-07-28T17:29:53.025Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-54534 |
vulnerable | 2026-06-03 15:04:56.249927 |
Details available
MEDIUM (4.8)
In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page
Published: 2025-07-28T16:20:44.842Z
Updated: 2025-07-28T17:31:26.157Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-54533 |
vulnerable | 2026-06-03 15:04:56.249707 |
Details available
MEDIUM (4.3)
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration
Published: 2025-07-28T16:20:44.053Z
Updated: 2025-07-28T17:31:53.566Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-54532 |
vulnerable | 2026-06-03 15:04:56.249472 |
Details available
MEDIUM (4.3)
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies
Published: 2025-07-28T16:20:43.516Z
Updated: 2025-07-28T17:27:43.634Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-54531 |
vulnerable | 2026-06-03 15:04:56.249219 |
Details available
HIGH (7.7)
In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows
Published: 2025-07-28T16:20:42.843Z
Updated: 2026-02-26T17:50:14.140Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-54530 |
vulnerable | 2026-06-03 15:04:56.248843 |
Details available
HIGH (7.5)
In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions
Published: 2025-07-28T16:20:42.098Z
Updated: 2026-02-26T17:50:14.327Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-54529 |
vulnerable | 2026-06-03 15:04:56.248589 |
Details available
LOW (3.7)
In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration
Published: 2025-07-28T16:20:40.171Z
Updated: 2025-07-28T17:43:24.941Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-54528 |
vulnerable | 2026-06-03 15:04:56.248239 |
Details available
MEDIUM (5.4)
In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow
Published: 2025-07-28T16:20:39.378Z
Updated: 2025-07-28T17:41:56.186Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52879 |
vulnerable | 2026-06-03 15:03:52.642628 |
Details available
MEDIUM (4.8)
In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible
Published: 2025-06-23T14:13:48.832Z
Updated: 2025-06-24T14:34:54.571Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52878 |
vulnerable | 2026-06-03 15:03:52.642376 |
Details available
MEDIUM (4.3)
In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions
Published: 2025-06-23T14:13:48.367Z
Updated: 2025-06-23T15:17:33.935Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52877 |
vulnerable | 2026-06-03 15:03:52.642136 |
Details available
MEDIUM (4.8)
In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible
Published: 2025-06-23T14:13:47.898Z
Updated: 2025-06-23T16:11:17.152Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52876 |
vulnerable | 2026-06-03 15:03:52.641882 |
Details available
MEDIUM (5.4)
In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible
Published: 2025-06-23T14:13:47.315Z
Updated: 2025-06-23T17:46:33.196Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-52875 |
vulnerable | 2026-06-03 15:03:52.641557 |
Details available
MEDIUM (5.4)
In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible
Published: 2025-06-23T14:13:46.775Z
Updated: 2025-06-23T17:46:52.701Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-47854 |
vulnerable | 2026-06-03 15:01:33.452081 |
Details available
MEDIUM (4.3)
In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page
Published: 2025-05-20T17:37:46.240Z
Updated: 2025-05-20T17:50:22.528Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-47853 |
vulnerable | 2026-06-03 15:01:33.451840 |
Details available
MEDIUM (4.8)
In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible
Published: 2025-05-20T17:37:45.475Z
Updated: 2025-05-20T17:50:35.889Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-47852 |
vulnerable | 2026-06-03 15:01:33.451586 |
Details available
MEDIUM (4.8)
In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible
Published: 2025-05-20T17:37:44.700Z
Updated: 2025-05-20T17:50:48.261Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-47851 |
vulnerable | 2026-06-03 15:01:33.451199 |
Details available
MEDIUM (4.8)
In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible
Published: 2025-05-20T17:37:44.096Z
Updated: 2025-05-20T17:51:01.230Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-46618 |
vulnerable | 2026-06-03 15:01:27.732299 |
Details available
LOW (3.5)
In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab
Published: 2025-04-25T14:32:34.480Z
Updated: 2025-04-25T15:26:24.753Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-46433 |
vulnerable | 2026-06-03 15:01:27.357867 |
Details available
MEDIUM (4.9)
In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible
Published: 2025-04-25T14:32:33.866Z
Updated: 2025-04-25T15:26:46.712Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-46432 |
vulnerable | 2026-06-03 15:01:27.357388 |
Details available
MEDIUM (4.3)
In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs
Published: 2025-04-25T14:32:33.207Z
Updated: 2025-04-25T15:27:09.553Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-31141 |
vulnerable | 2026-06-03 15:00:30.300707 |
Details available
LOW (2.7)
In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page
Published: 2025-03-27T11:24:31.688Z
Updated: 2025-03-27T13:14:14.931Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-31140 |
vulnerable | 2026-06-03 15:00:30.300440 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page
Published: 2025-03-27T11:24:31.181Z
Updated: 2025-03-27T13:16:49.211Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-31139 |
vulnerable | 2026-06-03 15:00:30.300020 |
Details available
MEDIUM (4.3)
In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log
Published: 2025-03-27T11:24:30.733Z
Updated: 2025-03-27T13:20:29.029Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-26493 |
vulnerable | 2026-06-03 14:59:59.340171 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab
Published: 2025-02-11T13:56:47.898Z
Updated: 2025-02-11T14:20:07.724Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-26492 |
vulnerable | 2026-06-03 14:59:59.339825 |
Details available
HIGH (7.7)
In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources
Published: 2025-02-11T13:56:48.411Z
Updated: 2025-02-11T14:19:06.191Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-24461 |
vulnerable | 2026-06-03 14:59:56.037169 |
Details available
MEDIUM (6.5)
In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint
Published: 2025-01-21T17:23:20.740Z
Updated: 2025-01-21T18:41:29.249Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-24460 |
vulnerable | 2026-06-03 14:59:56.036876 |
Details available
MEDIUM (4.3)
In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool
Published: 2025-01-21T17:23:20.190Z
Updated: 2025-01-21T18:41:36.784Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-24459 |
vulnerable | 2026-06-03 14:59:56.036447 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page
Published: 2025-01-21T17:23:19.526Z
Updated: 2025-01-21T18:41:43.325Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-56356 |
vulnerable | 2026-06-03 14:57:42.964062 |
Details available
MEDIUM (5.9)
In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack
Published: 2024-12-20T14:11:17.496Z
Updated: 2024-12-20T17:35:31.293Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-56355 |
vulnerable | 2026-06-03 14:57:42.963788 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS
Published: 2024-12-20T14:11:17.093Z
Updated: 2024-12-20T17:35:39.670Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-56354 |
vulnerable | 2026-06-03 14:57:42.963508 |
Details available
MEDIUM (5.5)
In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission
Published: 2024-12-20T14:11:16.668Z
Updated: 2024-12-20T17:35:48.291Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-56353 |
vulnerable | 2026-06-03 14:57:42.963221 |
Details available
MEDIUM (5.5)
In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies
Published: 2024-12-20T14:11:16.333Z
Updated: 2024-12-20T17:35:55.458Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-56352 |
vulnerable | 2026-06-03 14:57:42.962933 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page
Published: 2024-12-20T14:11:15.886Z
Updated: 2024-12-20T17:36:04.249Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-56351 |
vulnerable | 2026-06-03 14:57:42.962543 |
Details available
MEDIUM (6.3)
In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles
Published: 2024-12-20T14:11:15.422Z
Updated: 2024-12-20T17:36:12.805Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-56350 |
vulnerable | 2026-06-03 14:57:42.962143 |
Details available
MEDIUM (4.3)
In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects
Published: 2024-12-20T14:11:14.816Z
Updated: 2024-12-20T17:36:21.734Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-56349 |
vulnerable | 2026-06-03 14:57:42.961828 |
Details available
MEDIUM (5.3)
In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs
Published: 2024-12-20T14:11:14.228Z
Updated: 2024-12-20T16:36:05.123Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-56348 |
vulnerable | 2026-06-03 14:57:42.961441 |
Details available
MEDIUM (4.3)
In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents
Published: 2024-12-20T14:11:13.812Z
Updated: 2024-12-20T17:36:30.345Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-47951 |
vulnerable | 2026-06-03 14:57:02.670667 |
Details available
LOW (3.5)
In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings
Published: 2024-10-08T15:48:16.659Z
Updated: 2024-10-08T16:12:39.615Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-47950 |
vulnerable | 2026-06-03 14:57:02.670383 |
Details available
LOW (3.5)
In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings
Published: 2024-10-08T15:48:16.097Z
Updated: 2024-10-08T16:13:07.568Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-47949 |
vulnerable | 2026-06-03 14:57:02.670090 |
Details available
MEDIUM (4.9)
In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location
Published: 2024-10-08T15:48:15.267Z
Updated: 2024-10-08T16:13:37.972Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-47948 |
vulnerable | 2026-06-03 14:57:02.669782 |
Details available
MEDIUM (4.9)
In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups
Published: 2024-10-08T15:48:14.612Z
Updated: 2024-10-08T16:14:10.908Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-47161 |
vulnerable | 2026-06-03 14:57:00.773303 |
Details available
MEDIUM (4.3)
In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API
Published: 2024-10-08T15:48:13.869Z
Updated: 2024-10-08T16:14:45.963Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-43810 |
vulnerable | 2026-06-03 14:56:46.919638 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin
Published: 2024-08-16T14:51:33.962Z
Updated: 2024-08-16T15:01:57.611Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-43809 |
vulnerable | 2026-06-03 14:56:46.919371 |
Details available
LOW (3.5)
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page
Published: 2024-08-16T14:51:32.891Z
Updated: 2024-08-16T16:21:52.603Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-43808 |
vulnerable | 2026-06-03 14:56:46.919053 |
Details available
LOW (3.7)
In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin
Published: 2024-08-16T14:51:31.856Z
Updated: 2024-08-20T17:06:14.415Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-43807 |
vulnerable | 2026-06-03 14:56:46.918740 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page
Published: 2024-08-16T14:51:30.893Z
Updated: 2024-08-19T18:28:29.007Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-43114 |
vulnerable | 2026-06-03 14:56:44.506138 |
Details available
HIGH (7.5)
In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions
Published: 2024-08-06T12:48:25.886Z
Updated: 2024-08-06T13:16:50.111Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-41829 |
vulnerable | 2026-06-03 14:56:35.098633 |
Details available
LOW (3.5)
In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection
Published: 2024-07-22T14:50:24.527Z
Updated: 2024-08-02T04:46:52.691Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-41828 |
vulnerable | 2026-06-03 14:56:35.098321 |
Details available
LOW (2.6)
In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time
Published: 2024-07-22T14:50:23.908Z
Updated: 2024-08-02T04:46:52.671Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-41827 |
vulnerable | 2026-06-03 14:56:35.098000 |
Details available
HIGH (7.4)
In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration
Published: 2024-07-22T14:50:23.371Z
Updated: 2024-08-02T04:46:52.680Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-41826 |
vulnerable | 2026-06-03 14:56:35.097654 |
Details available
LOW (3.5)
In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page
Published: 2024-07-22T14:50:22.717Z
Updated: 2024-08-02T04:46:52.691Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-41825 |
vulnerable | 2026-06-03 14:56:35.097297 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab
Published: 2024-07-22T14:50:22.219Z
Updated: 2024-08-02T04:46:52.915Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-41824 |
vulnerable | 2026-06-03 14:56:35.096769 |
Details available
MEDIUM (6.4)
In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific cases
Published: 2024-07-22T14:50:21.300Z
Updated: 2024-08-02T04:46:52.949Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-39879 |
vulnerable | 2026-06-03 14:56:22.599201 |
Details available
MEDIUM (5)
In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings
Published: 2024-07-01T17:07:46.673Z
Updated: 2024-08-02T04:33:11.258Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-39878 |
vulnerable | 2026-06-03 14:56:22.598765 |
Details available
MEDIUM (4.1)
In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection
Published: 2024-07-01T17:07:45.890Z
Updated: 2024-08-02T04:33:11.261Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-36470 |
vulnerable | 2026-06-03 14:56:04.601745 |
Details available
HIGH (8.1)
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge cases
Published: 2024-05-29T13:29:07.173Z
Updated: 2024-08-02T03:37:05.191Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-36378 |
vulnerable | 2026-06-03 14:56:04.263837 |
Details available
MEDIUM (5.9)
In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens
Published: 2024-05-29T13:29:06.790Z
Updated: 2024-08-02T03:37:05.048Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-36377 |
vulnerable | 2026-06-03 14:56:04.263560 |
Details available
MEDIUM (6.5)
In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions
Published: 2024-05-29T13:29:06.268Z
Updated: 2024-08-02T03:37:05.169Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-36376 |
vulnerable | 2026-06-03 14:56:04.263307 |
Details available
MEDIUM (6.5)
In JetBrains TeamCity before 2024.03.2 users could perform actions that should not be available to them based on their permissions
Published: 2024-05-29T13:29:05.793Z
Updated: 2024-08-02T03:37:05.188Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-36375 |
vulnerable | 2026-06-03 14:56:04.262977 |
Details available
MEDIUM (5.3)
In JetBrains TeamCity before 2024.03.2 technical information regarding TeamCity server could be exposed
Published: 2024-05-29T13:29:05.293Z
Updated: 2024-09-03T15:32:46.543Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-36374 |
vulnerable | 2026-06-03 14:56:04.262673 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possible
Published: 2024-05-29T13:29:04.772Z
Updated: 2024-08-02T03:37:05.080Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-36373 |
vulnerable | 2026-06-03 14:56:04.262377 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible
Published: 2024-05-29T13:29:04.265Z
Updated: 2024-08-02T03:37:04.991Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-36372 |
vulnerable | 2026-06-03 14:56:04.262070 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible
Published: 2024-05-29T13:29:03.760Z
Updated: 2024-08-02T03:37:05.015Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-36371 |
vulnerable | 2026-06-03 14:56:04.261675 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possible
Published: 2024-05-29T13:29:03.238Z
Updated: 2024-08-02T03:37:04.980Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-36370 |
vulnerable | 2026-06-03 14:56:04.261377 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was possible
Published: 2024-05-29T13:29:02.650Z
Updated: 2024-08-02T03:37:05.135Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-36369 |
vulnerable | 2026-06-03 14:56:04.260947 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via issue tracker integration was possible
Published: 2024-05-29T13:29:01.770Z
Updated: 2024-08-02T03:37:05.020Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-36368 |
vulnerable | 2026-06-03 14:56:04.260576 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 reflected XSS via OAuth provider configuration was possible
Published: 2024-05-29T13:29:01.309Z
Updated: 2024-08-02T03:37:05.133Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-36367 |
vulnerable | 2026-06-03 14:56:04.260221 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via third-party reports was possible
Published: 2024-05-29T13:29:00.772Z
Updated: 2024-08-02T03:37:04.680Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-36366 |
vulnerable | 2026-06-03 14:56:04.259819 |
Details available
MEDIUM (5.4)
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via certain report grouping and filtering operations
Published: 2024-05-29T13:28:59.982Z
Updated: 2024-08-02T03:37:05.029Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-36365 |
vulnerable | 2026-06-03 14:56:04.259385 |
Details available
MEDIUM (6.8)
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a third-party agent could impersonate a cloud agent
Published: 2024-05-29T13:28:59.445Z
Updated: 2024-08-02T03:37:05.199Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-36364 |
vulnerable | 2026-06-03 14:56:04.257735 |
Details available
MEDIUM (6.5)
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible
Published: 2024-05-29T13:28:58.804Z
Updated: 2024-08-02T03:37:04.365Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-36363 |
vulnerable | 2026-06-03 14:56:04.257352 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several Stored XSS in code inspection reports were possible
Published: 2024-05-29T13:28:58.021Z
Updated: 2024-08-02T03:37:05.045Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-36362 |
vulnerable | 2026-06-03 14:56:04.256894 |
Details available
MEDIUM (6.5)
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal allowing to read files from server was possible
Published: 2024-05-29T13:28:57.277Z
Updated: 2024-09-03T18:06:24.164Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-35302 |
vulnerable | 2026-06-03 14:55:56.044162 |
Details available
MEDIUM (5.4)
In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible
Published: 2024-05-16T10:32:01.010Z
Updated: 2024-08-02T03:07:46.843Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-35301 |
vulnerable | 2026-06-03 14:55:56.043802 |
Details available
MEDIUM (5.5)
In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token
Published: 2024-05-16T10:32:00.362Z
Updated: 2024-08-02T03:07:46.947Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-35300 |
vulnerable | 2026-06-03 14:55:56.043374 |
Details available
LOW (3.5)
In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible
Published: 2024-05-16T10:31:59.565Z
Updated: 2024-08-02T03:07:46.896Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-31140 |
vulnerable | 2026-06-03 14:55:39.131514 |
Details available
MEDIUM (4.1)
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools
Published: 2024-03-28T15:07:18.660Z
Updated: 2024-08-02T01:46:04.679Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-31139 |
vulnerable | 2026-06-03 14:55:39.131212 |
Details available
MEDIUM (5.9)
In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector
Published: 2024-03-28T15:07:17.944Z
Updated: 2024-08-02T01:46:04.467Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-31138 |
vulnerable | 2026-06-03 14:55:39.130901 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings
Published: 2024-03-28T15:07:17.274Z
Updated: 2024-08-02T01:46:04.891Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-31137 |
vulnerable | 2026-06-03 14:55:39.130572 |
Details available
MEDIUM (6.8)
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration
Published: 2024-03-28T15:07:16.216Z
Updated: 2024-08-02T01:46:04.533Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-31136 |
vulnerable | 2026-06-03 14:55:39.130246 |
Details available
HIGH (7.4)
In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter
Published: 2024-03-28T15:07:15.537Z
Updated: 2024-08-02T01:46:04.541Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-31135 |
vulnerable | 2026-06-03 14:55:39.129897 |
Details available
MEDIUM (6.1)
In JetBrains TeamCity before 2024.03 open redirect was possible on the login page
Published: 2024-03-28T15:07:14.705Z
Updated: 2024-08-02T01:46:04.598Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-31134 |
vulnerable | 2026-06-03 14:55:39.129500 |
Details available
MEDIUM (6.5)
In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled
Published: 2024-03-28T15:07:14.099Z
Updated: 2024-08-02T01:46:04.405Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29880 |
vulnerable | 2026-06-03 14:55:27.588476 |
Details available
MEDIUM (4.2)
In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process
Published: 2024-03-21T13:56:45.387Z
Updated: 2024-08-02T01:17:58.391Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-28174 |
vulnerable | 2026-06-03 14:55:25.262174 |
Details available
MEDIUM (5.8)
In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly
Published: 2024-03-06T16:52:10.853Z
Updated: 2024-08-02T00:48:49.417Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-28173 |
vulnerable | 2026-06-03 14:55:25.261081 |
Details available
MEDIUM (4.3)
In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed
Published: 2024-03-06T16:52:10.211Z
Updated: 2024-08-02T00:48:49.258Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-27199 |
vulnerable | 2026-06-03 14:55:17.050209 |
Details available
HIGH (7.3)
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
Published: 2024-03-04T17:21:40.081Z
Updated: 2026-04-21T03:55:31.232Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-27198 |
vulnerable | 2026-06-03 14:55:17.049790 |
Details available
CRITICAL (9.8)
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
Published: 2024-03-04T17:21:39.422Z
Updated: 2025-10-21T23:05:23.577Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-24942 |
vulnerable | 2026-06-03 14:55:06.154890 |
Details available
MEDIUM (5.3)
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives
Published: 2024-02-06T09:21:31.426Z
Updated: 2024-08-01T23:36:21.219Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-24938 |
vulnerable | 2026-06-03 14:55:06.151216 |
Details available
MEDIUM (5.3)
In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation
Published: 2024-02-06T09:21:29.110Z
Updated: 2025-08-27T15:39:55.233Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-24937 |
vulnerable | 2026-06-03 14:55:06.150827 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible
Published: 2024-02-06T09:21:28.375Z
Updated: 2024-08-01T23:36:21.127Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-24936 |
vulnerable | 2026-06-03 14:55:06.150479 |
Details available
MEDIUM (4.3)
In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed
Published: 2024-02-06T09:21:27.544Z
Updated: 2024-08-01T23:36:21.214Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23917 |
vulnerable | 2026-06-03 14:55:04.911587 |
Details available
CRITICAL (9.8)
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible
Published: 2024-02-06T09:21:31.957Z
Updated: 2024-08-01T23:13:08.604Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-50870 |
vulnerable | 2026-06-03 14:53:31.620852 |
Details available
MEDIUM (4.3)
In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible
Published: 2023-12-15T13:48:13.075Z
Updated: 2024-08-02T22:23:44.029Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-43566 |
vulnerable | 2026-06-03 14:53:03.706290 |
Details available
LOW (3.5)
In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration
Published: 2023-09-19T16:57:29.792Z
Updated: 2024-09-24T20:33:31.538Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-42793 |
vulnerable | 2026-06-03 14:52:54.252928 |
Details available
CRITICAL (9.8)
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
Published: 2023-09-19T16:57:29.245Z
Updated: 2025-10-21T23:05:37.592Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41250 |
vulnerable | 2026-06-03 14:52:51.422930 |
Details available
LOW (3.5)
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration
Published: 2023-08-25T12:58:23.715Z
Updated: 2024-09-27T21:56:43.804Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41249 |
vulnerable | 2026-06-03 14:52:51.422623 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step
Published: 2023-08-25T12:58:23.451Z
Updated: 2024-09-27T21:56:50.469Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41248 |
vulnerable | 2026-06-03 14:52:51.422238 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration
Published: 2023-08-25T12:58:23.070Z
Updated: 2024-09-27T21:56:56.951Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39175 |
vulnerable | 2026-06-03 14:52:37.865788 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible
Published: 2023-07-25T14:45:45.187Z
Updated: 2024-10-15T18:51:27.536Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39174 |
vulnerable | 2026-06-03 14:52:37.865484 |
Details available
MEDIUM (4.3)
In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers
Published: 2023-07-25T14:45:44.602Z
Updated: 2024-10-15T18:58:32.017Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39173 |
vulnerable | 2026-06-03 14:52:37.865088 |
Details available
MEDIUM (5.4)
In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access
Published: 2023-07-25T14:45:43.929Z
Updated: 2024-10-15T19:01:46.931Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38067 |
vulnerable | 2026-06-03 14:52:30.265931 |
Details available
MEDIUM (4.3)
In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log
Published: 2023-07-12T12:48:22.381Z
Updated: 2024-10-22T18:09:10.767Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38066 |
vulnerable | 2026-06-03 14:52:30.265653 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads
Published: 2023-07-12T12:48:21.874Z
Updated: 2024-10-21T21:10:13.344Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38065 |
vulnerable | 2026-06-03 14:52:30.265384 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible
Published: 2023-07-12T12:48:21.501Z
Updated: 2024-10-22T18:40:21.852Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38064 |
vulnerable | 2026-06-03 14:52:30.265106 |
Details available
MEDIUM (4.3)
In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log
Published: 2023-07-12T12:48:20.927Z
Updated: 2024-10-22T18:40:04.179Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38063 |
vulnerable | 2026-06-03 14:52:30.264822 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible
Published: 2023-07-12T12:48:20.416Z
Updated: 2024-10-23T14:37:18.530Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38062 |
vulnerable | 2026-06-03 14:52:30.264509 |
Details available
MEDIUM (4.3)
In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations
Published: 2023-07-12T12:48:19.714Z
Updated: 2024-10-23T14:40:05.492Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38061 |
vulnerable | 2026-06-03 14:52:30.264114 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible
Published: 2023-07-12T12:48:19.126Z
Updated: 2024-10-23T14:40:18.471Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34229 |
vulnerable | 2026-06-03 14:52:16.082126 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible
Published: 2023-05-31T13:03:17.292Z
Updated: 2025-01-09T20:29:22.277Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34228 |
vulnerable | 2026-06-03 14:52:16.081848 |
Details available
MEDIUM (5.3)
In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions
Published: 2023-05-31T13:03:17.042Z
Updated: 2025-01-09T20:29:58.874Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34227 |
vulnerable | 2026-06-03 14:52:16.081542 |
Details available
MEDIUM (5.3)
In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks
Published: 2023-05-31T13:03:16.642Z
Updated: 2025-01-09T20:30:23.803Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34226 |
vulnerable | 2026-06-03 14:52:16.081274 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible
Published: 2023-05-31T13:03:16.303Z
Updated: 2025-01-09T20:30:47.812Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34225 |
vulnerable | 2026-06-03 14:52:16.081022 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible
Published: 2023-05-31T13:03:16.074Z
Updated: 2025-01-09T20:31:09.300Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34224 |
vulnerable | 2026-06-03 14:52:16.080759 |
Details available
MEDIUM (4.8)
In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible
Published: 2023-05-31T13:03:15.821Z
Updated: 2025-01-09T20:31:44.537Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34223 |
vulnerable | 2026-06-03 14:52:16.080505 |
Details available
MEDIUM (4.3)
In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases
Published: 2023-05-31T13:03:15.563Z
Updated: 2025-01-09T20:32:11.363Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34222 |
vulnerable | 2026-06-03 14:52:16.080234 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible
Published: 2023-05-31T13:03:14.995Z
Updated: 2025-01-09T20:32:34.480Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34221 |
vulnerable | 2026-06-03 14:52:16.079962 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible
Published: 2023-05-31T13:03:14.464Z
Updated: 2025-01-09T20:33:08.762Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34220 |
vulnerable | 2026-06-03 14:52:16.079679 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible
Published: 2023-05-31T13:03:13.956Z
Updated: 2025-01-09T20:03:26.445Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34219 |
vulnerable | 2026-06-03 14:52:16.079380 |
Details available
MEDIUM (4.3)
In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API
Published: 2023-05-31T13:03:13.367Z
Updated: 2025-01-09T20:33:32.302Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-34218 |
vulnerable | 2026-06-03 14:52:16.078971 |
Details available
CRITICAL (9.1)
In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible
Published: 2023-05-31T13:03:12.814Z
Updated: 2025-01-09T20:54:20.791Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-48428 |
vulnerable | 2026-06-03 14:48:33.519961 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible
Published: 2023-03-27T15:27:17.671Z
Updated: 2025-02-19T16:05:55.576Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-48427 |
vulnerable | 2026-06-03 14:48:33.519636 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was possible
Published: 2023-03-27T15:27:17.311Z
Updated: 2025-02-19T16:03:17.083Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-48426 |
vulnerable | 2026-06-03 14:48:33.517787 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible
Published: 2023-03-27T15:27:16.592Z
Updated: 2025-02-19T16:57:27.243Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-48344 |
vulnerable | 2026-06-03 14:48:33.416695 |
Details available
MEDIUM (5.4)
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.
Published: 2023-02-23T15:44:24.533Z
Updated: 2025-03-11T19:45:28.533Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-48343 |
vulnerable | 2026-06-03 14:48:33.416249 |
Details available
MEDIUM (5.4)
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.
Published: 2023-02-23T15:44:23.994Z
Updated: 2025-03-11T18:13:25.085Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-48342 |
vulnerable | 2026-06-03 14:48:28.654728 |
Details available
MEDIUM (5.2)
In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.
Published: 2023-02-23T15:44:23.524Z
Updated: 2025-03-12T13:57:33.235Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-46831 |
vulnerable | 2026-06-03 14:48:26.562241 |
Details available
MEDIUM (6.6)
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.
Published: 2022-12-08T17:38:04.997Z
Updated: 2025-04-22T18:03:30.596Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-46830 |
vulnerable | 2026-06-03 14:48:26.561890 |
Details available
MEDIUM (4.1)
In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.
Published: 2022-12-08T17:38:03.499Z
Updated: 2025-04-23T14:22:12.749Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-44646 |
vulnerable | 2026-06-03 14:48:17.571453 |
Details available
LOW (2.2)
In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings
Published: 2022-11-03T00:00:00.000Z
Updated: 2025-05-02T19:33:09.233Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-44624 |
vulnerable | 2026-06-03 14:48:17.514678 |
Details available
MEDIUM (6.5)
In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters
Published: 2022-11-03T00:00:00.000Z
Updated: 2025-05-02T19:33:33.094Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-44623 |
vulnerable | 2026-06-03 14:48:17.514336 |
Details available
MEDIUM (6.5)
In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings
Published: 2022-11-03T00:00:00.000Z
Updated: 2025-04-30T18:52:54.855Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-44622 |
vulnerable | 2026-06-03 14:48:17.513907 |
Details available
LOW (2.7)
In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive
Published: 2022-11-03T00:00:00.000Z
Updated: 2025-05-02T14:09:55.418Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-40979 |
vulnerable | 2026-06-03 14:48:03.877754 |
Details available
MEDIUM (4.4)
In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable
Published: 2022-09-23T10:50:08.000Z
Updated: 2024-08-03T12:28:42.942Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-38133 |
vulnerable | 2026-06-03 14:47:49.314900 |
Details available
LOW (3.2)
In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases
Published: 2022-08-10T15:25:09.000Z
Updated: 2024-08-03T10:45:52.822Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-36322 |
vulnerable | 2026-06-03 14:47:39.640644 |
Details available
MEDIUM (5.4)
In JetBrains TeamCity before 2022.04.2 build parameter injection was possible
Published: 2022-07-20T12:30:22.000Z
Updated: 2024-08-03T10:00:04.377Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-36321 |
vulnerable | 2026-06-03 14:47:39.640265 |
Details available
MEDIUM (4.1)
In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases
Published: 2022-07-20T12:30:14.000Z
Updated: 2024-08-03T10:00:04.291Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-29929 |
vulnerable | 2026-06-03 14:46:59.819340 |
Details available
LOW (3.7)
In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible
Published: 2022-05-12T08:35:16.000Z
Updated: 2024-08-03T06:33:43.165Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-29928 |
vulnerable | 2026-06-03 14:46:59.819026 |
Details available
MEDIUM (4.4)
In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible
Published: 2022-05-12T08:35:14.000Z
Updated: 2024-08-03T06:33:43.306Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-29927 |
vulnerable | 2026-06-03 14:46:59.818641 |
Details available
MEDIUM (4.6)
In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible
Published: 2022-05-12T08:35:12.000Z
Updated: 2024-08-03T06:33:43.184Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-25264 |
vulnerable | 2026-06-03 14:46:37.467276 |
Details available
In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.
Published: 2022-02-25T19:59:05.000Z
Updated: 2024-08-03T04:36:06.534Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-25263 |
vulnerable | 2026-06-03 14:46:37.466985 |
Details available
JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration.
Published: 2022-02-25T19:59:20.000Z
Updated: 2024-08-03T04:36:06.577Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-25261 |
vulnerable | 2026-06-03 14:46:37.466296 |
Details available
JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS.
Published: 2022-02-25T19:59:36.000Z
Updated: 2024-08-03T04:36:06.572Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-24342 |
vulnerable | 2026-06-03 14:46:29.842444 |
Details available
In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible.
Published: 2022-02-25T14:35:48.000Z
Updated: 2024-08-03T04:07:02.341Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-24341 |
vulnerable | 2026-06-03 14:46:29.842176 |
Details available
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user.
Published: 2022-02-25T14:35:44.000Z
Updated: 2024-08-03T04:07:02.369Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-24340 |
vulnerable | 2026-06-03 14:46:29.841891 |
Details available
In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.
Published: 2022-02-25T14:35:41.000Z
Updated: 2024-08-03T04:07:02.429Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-24339 |
vulnerable | 2026-06-03 14:46:29.841611 |
Details available
JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.
Published: 2022-02-25T14:35:38.000Z
Updated: 2024-08-03T04:07:02.431Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-24338 |
vulnerable | 2026-06-03 14:46:29.841360 |
Details available
JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.
Published: 2022-02-25T14:35:35.000Z
Updated: 2024-08-03T04:07:02.396Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-24337 |
vulnerable | 2026-06-03 14:46:29.841097 |
Details available
In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.
Published: 2022-02-25T14:35:31.000Z
Updated: 2024-08-03T04:07:02.495Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-24336 |
vulnerable | 2026-06-03 14:46:29.840827 |
Details available
In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.
Published: 2022-02-25T14:35:27.000Z
Updated: 2024-08-03T04:07:02.515Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-24335 |
vulnerable | 2026-06-03 14:46:29.840547 |
Details available
JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC.
Published: 2022-02-25T14:35:21.000Z
Updated: 2024-08-03T04:07:02.476Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-24334 |
vulnerable | 2026-06-03 14:46:29.840258 |
Details available
In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server.
Published: 2022-02-25T14:35:18.000Z
Updated: 2024-08-03T04:07:02.517Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-24333 |
vulnerable | 2026-06-03 14:46:29.839973 |
Details available
In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.
Published: 2022-02-25T14:35:15.000Z
Updated: 2024-08-03T04:07:02.343Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-24332 |
vulnerable | 2026-06-03 14:46:29.839701 |
Details available
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.
Published: 2022-02-25T14:35:12.000Z
Updated: 2024-08-03T04:07:02.639Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-24331 |
vulnerable | 2026-06-03 14:46:29.839397 |
Details available
In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.
Published: 2022-02-25T14:35:09.000Z
Updated: 2024-08-03T04:07:02.425Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-24330 |
vulnerable | 2026-06-03 14:46:29.839008 |
Details available
In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.
Published: 2022-02-25T14:35:06.000Z
Updated: 2024-08-03T04:07:02.533Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-43202 |
vulnerable | 2026-06-03 14:45:33.774333 |
Details available
In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.
Published: 2021-11-30T15:21:24.000Z
Updated: 2024-08-04T03:47:13.605Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-43201 |
vulnerable | 2026-06-03 14:45:33.774079 |
Details available
In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project.
Published: 2021-11-09T14:41:19.000Z
Updated: 2024-08-04T03:47:13.608Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-43200 |
vulnerable | 2026-06-03 14:45:33.773804 |
Details available
In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient.
Published: 2021-11-09T14:43:31.000Z
Updated: 2024-08-04T03:47:13.601Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-43199 |
vulnerable | 2026-06-03 14:45:33.773553 |
Details available
In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient.
Published: 2021-11-09T14:46:19.000Z
Updated: 2024-08-04T03:47:13.596Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-43198 |
vulnerable | 2026-06-03 14:45:33.773289 |
Details available
In JetBrains TeamCity before 2021.1.2, stored XSS is possible.
Published: 2021-11-09T14:44:54.000Z
Updated: 2024-08-04T03:47:13.618Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-43197 |
vulnerable | 2026-06-03 14:45:33.773007 |
Details available
In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS.
Published: 2021-11-09T14:47:11.000Z
Updated: 2024-08-04T03:47:13.551Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-43196 |
vulnerable | 2026-06-03 14:45:33.772732 |
Details available
In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible.
Published: 2021-11-09T14:49:00.000Z
Updated: 2024-08-04T03:47:13.610Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-43195 |
vulnerable | 2026-06-03 14:45:33.772449 |
Details available
In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing.
Published: 2021-11-09T14:47:54.000Z
Updated: 2024-08-04T03:47:13.588Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-43194 |
vulnerable | 2026-06-03 14:45:33.772165 |
Details available
In JetBrains TeamCity before 2021.1.2, user enumeration was possible.
Published: 2021-11-09T14:50:27.000Z
Updated: 2024-08-04T03:47:13.667Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-43193 |
vulnerable | 2026-06-03 14:45:33.771769 |
Details available
In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.
Published: 2021-11-09T14:49:47.000Z
Updated: 2024-08-04T03:47:13.600Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-3315 |
vulnerable | 2026-06-03 14:45:10.406628 |
Details available
In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible.
Published: 2021-05-11T11:57:32.000Z
Updated: 2024-08-03T16:53:17.441Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-37548 |
vulnerable | 2026-06-03 14:45:00.740726 |
Details available
In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS.
Published: 2021-08-06T13:26:13.000Z
Updated: 2024-08-04T01:23:01.103Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-37547 |
vulnerable | 2026-06-03 14:45:00.740449 |
Details available
In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made.
Published: 2021-08-06T13:25:19.000Z
Updated: 2024-08-04T01:23:01.308Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-37546 |
vulnerable | 2026-06-03 14:45:00.740191 |
Details available
In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used.
Published: 2021-08-06T13:24:39.000Z
Updated: 2024-08-04T01:23:01.229Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-37545 |
vulnerable | 2026-06-03 14:45:00.739917 |
Details available
In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made.
Published: 2021-08-06T13:24:10.000Z
Updated: 2024-08-04T01:23:01.186Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-37544 |
vulnerable | 2026-06-03 14:45:00.739622 |
Details available
In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.
Published: 2021-08-06T13:23:39.000Z
Updated: 2024-08-04T01:23:01.408Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-37542 |
vulnerable | 2026-06-03 14:45:00.736902 |
Details available
In JetBrains TeamCity before 2020.2.3, XSS was possible.
Published: 2021-08-06T13:22:54.000Z
Updated: 2024-08-04T01:23:01.209Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-31915 |
vulnerable | 2026-06-03 14:44:33.972925 |
Details available
In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible.
Published: 2021-05-11T12:12:41.000Z
Updated: 2024-08-03T23:10:31.069Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-31914 |
vulnerable | 2026-06-03 14:44:33.972633 |
Details available
In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible.
Published: 2021-05-11T12:11:47.000Z
Updated: 2024-08-03T23:10:30.768Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-31913 |
vulnerable | 2026-06-03 14:44:33.972357 |
Details available
In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange.
Published: 2021-05-11T12:09:57.000Z
Updated: 2024-08-03T23:10:30.832Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-31912 |
vulnerable | 2026-06-03 14:44:33.972075 |
Details available
In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset.
Published: 2021-05-11T12:05:35.000Z
Updated: 2024-08-03T23:10:31.096Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-31911 |
vulnerable | 2026-06-03 14:44:33.971793 |
Details available
In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages.
Published: 2021-05-11T12:04:09.000Z
Updated: 2024-08-03T23:10:30.931Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-31910 |
vulnerable | 2026-06-03 14:44:33.971518 |
Details available
In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible.
Published: 2021-05-11T12:02:20.000Z
Updated: 2024-08-03T23:10:30.992Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-31909 |
vulnerable | 2026-06-03 14:44:33.971245 |
Details available
In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible.
Published: 2021-05-11T11:59:25.000Z
Updated: 2024-08-03T23:10:31.151Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-31908 |
vulnerable | 2026-06-03 14:44:33.970956 |
Details available
In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages.
Published: 2021-05-11T12:00:45.000Z
Updated: 2024-08-03T23:10:31.039Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-31907 |
vulnerable | 2026-06-03 14:44:33.970664 |
Details available
In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly.
Published: 2021-05-11T11:56:05.000Z
Updated: 2024-08-03T23:10:31.044Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-31906 |
vulnerable | 2026-06-03 14:44:33.970373 |
Details available
In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file.
Published: 2021-05-11T11:54:46.000Z
Updated: 2024-08-03T23:10:30.985Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-31904 |
vulnerable | 2026-06-03 14:44:33.969663 |
Details available
In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page.
Published: 2021-05-11T11:46:23.000Z
Updated: 2024-08-03T23:10:30.929Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-25778 |
vulnerable | 2026-06-03 14:44:05.841308 |
Details available
In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly.
Published: 2021-02-03T15:50:21.000Z
Updated: 2024-08-03T20:11:28.422Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-25777 |
vulnerable | 2026-06-03 14:44:05.841022 |
Details available
In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly.
Published: 2021-02-03T15:50:56.000Z
Updated: 2024-08-03T20:11:28.457Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-25776 |
vulnerable | 2026-06-03 14:44:05.840746 |
Details available
In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters.
Published: 2021-02-03T15:34:16.000Z
Updated: 2024-08-03T20:11:28.378Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-25775 |
vulnerable | 2026-06-03 14:44:05.840469 |
Details available
In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users.
Published: 2021-02-03T15:37:52.000Z
Updated: 2024-08-03T20:11:27.834Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-25774 |
vulnerable | 2026-06-03 14:44:05.840171 |
Details available
In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user.
Published: 2021-02-03T15:34:55.000Z
Updated: 2024-08-03T20:11:27.950Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-25773 |
vulnerable | 2026-06-03 14:44:05.839857 |
Details available
JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages.
Published: 2021-02-03T15:32:44.000Z
Updated: 2024-08-03T20:11:27.957Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-25772 |
vulnerable | 2026-06-03 14:44:05.839443 |
Details available
In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration.
Published: 2021-02-03T15:33:26.000Z
Updated: 2024-08-03T20:11:28.274Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-7911 |
vulnerable | 2026-06-03 14:43:07.717639 |
Details available
In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS.
Published: 2020-01-30T17:14:58.000Z
Updated: 2024-08-04T09:48:23.515Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-7910 |
vulnerable | 2026-06-03 14:43:07.717357 |
Details available
JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.
Published: 2020-01-30T17:13:21.000Z
Updated: 2024-08-04T09:48:23.783Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-7909 |
vulnerable | 2026-06-03 14:43:07.717057 |
Details available
In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.
Published: 2020-01-30T17:12:01.000Z
Updated: 2024-08-04T09:48:23.511Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-7908 |
vulnerable | 2026-06-03 14:43:07.716674 |
Details available
In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages.
Published: 2020-01-30T17:10:34.000Z
Updated: 2024-08-04T09:48:23.896Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-35667 |
vulnerable | 2026-06-03 14:42:32.154461 |
Details available
JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials.
Published: 2021-02-03T15:51:37.000Z
Updated: 2024-08-04T17:09:14.904Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-27629 |
vulnerable | 2026-06-03 14:42:18.244110 |
Details available
In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts.
Published: 2020-11-16T15:01:52.000Z
Updated: 2024-08-04T16:18:45.490Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-27628 |
vulnerable | 2026-06-03 14:42:18.243803 |
Details available
In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records.
Published: 2020-11-16T15:02:28.000Z
Updated: 2024-08-04T16:18:44.849Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-27627 |
vulnerable | 2026-06-03 14:42:18.243408 |
Details available
JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.
Published: 2020-11-16T15:08:17.000Z
Updated: 2024-08-04T16:18:45.411Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-15831 |
vulnerable | 2026-06-03 14:41:46.740577 |
Details available
JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI.
Published: 2020-08-08T20:50:17.000Z
Updated: 2024-08-04T13:30:23.301Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-15830 |
vulnerable | 2026-06-03 14:41:46.740298 |
Details available
JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI.
Published: 2020-08-08T20:51:35.000Z
Updated: 2024-08-04T13:30:22.400Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-15829 |
vulnerable | 2026-06-03 14:41:46.740002 |
Details available
In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs.
Published: 2020-08-08T20:40:40.000Z
Updated: 2024-08-04T13:30:22.577Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-15828 |
vulnerable | 2026-06-03 14:41:46.739693 |
Details available
In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions.
Published: 2020-08-08T20:48:14.000Z
Updated: 2024-08-04T13:30:21.812Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-15826 |
vulnerable | 2026-06-03 14:41:46.737928 |
Details available
In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have.
Published: 2020-08-08T20:32:39.000Z
Updated: 2024-08-04T13:30:22.319Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-15825 |
vulnerable | 2026-06-03 14:41:46.737516 |
Details available
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.
Published: 2020-08-08T20:39:03.000Z
Updated: 2024-08-04T13:30:21.840Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-11938 |
vulnerable | 2026-06-03 14:41:32.465549 |
Details available
In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project. The issue was resolved in 2019.2.2.
Published: 2020-04-22T13:52:52.000Z
Updated: 2024-08-04T11:42:00.841Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-11689 |
vulnerable | 2026-06-03 14:41:26.501686 |
Details available
In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.
Published: 2020-04-22T13:52:38.000Z
Updated: 2024-08-04T11:35:13.772Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-11688 |
vulnerable | 2026-06-03 14:41:26.501398 |
Details available
In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.
Published: 2020-04-22T13:52:36.000Z
Updated: 2024-08-04T11:35:13.589Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-11687 |
vulnerable | 2026-06-03 14:41:26.501100 |
Details available
In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.
Published: 2020-04-22T13:52:34.000Z
Updated: 2024-08-04T11:35:13.666Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-11686 |
vulnerable | 2026-06-03 14:41:26.500725 |
Details available
In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings.
Published: 2020-04-22T13:52:33.000Z
Updated: 2024-08-04T11:35:13.594Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-18367 |
vulnerable | 2026-06-03 14:39:57.222576 |
Details available
In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.
Published: 2019-10-31T15:20:03.000Z
Updated: 2024-08-05T01:54:14.119Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-18366 |
vulnerable | 2026-06-03 14:39:57.222308 |
Details available
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.
Published: 2019-10-31T15:16:41.000Z
Updated: 2024-08-05T01:54:13.930Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-18365 |
vulnerable | 2026-06-03 14:39:57.222027 |
Details available
In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages.
Published: 2019-10-31T15:12:10.000Z
Updated: 2024-08-05T01:54:14.425Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-18364 |
vulnerable | 2026-06-03 14:39:57.221739 |
Details available
In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.
Published: 2019-10-31T14:54:36.000Z
Updated: 2024-08-05T01:54:14.120Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-18363 |
vulnerable | 2026-06-03 14:39:57.221380 |
Details available
In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances.
Published: 2019-10-31T14:48:59.000Z
Updated: 2024-08-05T01:54:14.085Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-12846 |
vulnerable | 2026-06-03 14:39:36.205544 |
Details available
A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2.
Published: 2019-07-03T19:46:58.000Z
Updated: 2024-08-04T23:32:55.354Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-12845 |
vulnerable | 2026-06-03 14:39:36.205282 |
Details available
The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3.
Published: 2019-07-03T19:42:34.000Z
Updated: 2024-08-04T23:32:55.549Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-12844 |
vulnerable | 2026-06-03 14:39:36.205018 |
Details available
A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.3.
Published: 2019-07-03T19:41:04.000Z
Updated: 2024-08-04T23:32:55.447Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-12843 |
vulnerable | 2026-06-03 14:39:36.204752 |
Details available
A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3.
Published: 2019-07-03T19:43:49.000Z
Updated: 2024-08-04T23:32:55.388Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-12842 |
vulnerable | 2026-06-03 14:39:36.204484 |
Details available
A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.2.
Published: 2019-07-03T19:45:58.000Z
Updated: 2024-08-04T23:32:55.474Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-12841 |
vulnerable | 2026-06-03 14:39:36.204184 |
Details available
Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. The issue was fixed in TeamCity 2018.2.2.
Published: 2019-07-03T19:44:53.000Z
Updated: 2024-08-04T23:32:55.486Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-12157 |
vulnerable | 2026-06-03 14:39:34.342185 |
Details available
In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.
Published: 2019-10-02T18:51:36.000Z
Updated: 2024-08-04T23:10:30.824Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-1313 |
vulnerable | 2026-06-03 14:34:39.127545 |
Details available
JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.
Published: 2023-06-29T14:07:44.700Z
Updated: 2024-11-26T19:30:02.252Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-10036 |
vulnerable | 2026-06-03 14:33:40.804785 |
Details available
Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html.
Published: 2015-01-13T15:00:00.000Z
Updated: 2024-08-06T14:02:37.943Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-10002 |
vulnerable | 2026-06-03 14:33:40.758746 |
Details available
Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors.
Published: 2015-01-13T11:00:00.000Z
Updated: 2024-09-16T22:41:01.598Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.