CVEdetails.com the ultimate security vulnerability data source

Jetbrains » Teamcity » * * * * : Security Vulnerabilities

CPE Name: cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*
| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2022-29929 | 79 | | XSS | 2022-05-12 | 2022-05-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible |
| 2 | CVE-2022-29928 | 532 | | | 2022-05-12 | 2022-05-23 | 4.0 | None | Remote | Low | ??? | Partial | None | None | In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible |
| 3 | CVE-2022-29927 | 79 | | XSS | 2022-05-12 | 2022-05-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible |
| 4 | CVE-2022-25264 | 922 | | | 2022-02-25 | 2022-03-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases. |
| 5 | CVE-2022-25263 | 78 | | | 2022-02-25 | 2022-03-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration. |
| 6 | CVE-2022-25261 | 79 | | XSS | 2022-02-25 | 2022-03-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS. |
| 7 | CVE-2022-24342 | 352 | | CSRF | 2022-02-25 | 2022-03-04 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible. |
| 8 | CVE-2022-24341 | 613 | | | 2022-02-25 | 2022-03-04 | 5.0 | None | Remote | Low | Not required | None | Partial | None | In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user. |
| 9 | CVE-2022-24340 | 611 | | | 2022-02-25 | 2022-03-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible. |
| 10 | CVE-2022-24339 | 79 | | XSS | 2022-02-25 | 2022-03-04 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS. |
| 11 | CVE-2022-24338 | 79 | | XSS | 2022-02-25 | 2022-03-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS. |
| 12 | CVE-2022-24337 | 276 | | | 2022-02-25 | 2022-03-04 | 4.0 | None | Remote | Low | ??? | Partial | None | None | In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions. |
| 13 | CVE-2022-24336 | 668 | | | 2022-02-25 | 2022-03-04 | 5.0 | None | Remote | Low | Not required | None | Partial | None | In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server. |
| 14 | CVE-2022-24335 | 367 | | | 2022-02-25 | 2022-03-04 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC. |
| 15 | CVE-2022-24334 | | | | 2022-02-25 | 2022-03-04 | 5.0 | None | Remote | Low | Not required | None | Partial | None | In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server. |
| 16 | CVE-2022-24333 | 918 | | | 2022-02-25 | 2022-03-04 | 4.0 | None | Remote | Low | ??? | Partial | None | None | In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible. |
| 17 | CVE-2022-24332 | 613 | | | 2022-02-25 | 2022-03-04 | 5.0 | None | Remote | Low | Not required | None | Partial | None | In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie. |
| 18 | CVE-2022-24331 | 287 | | | 2022-02-25 | 2022-03-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. |
| 19 | CVE-2022-24330 | 601 | | | 2022-02-25 | 2022-03-04 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible. |
| 20 | CVE-2021-43202 | | | | 2021-11-30 | 2021-12-01 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases. |
| 21 | CVE-2021-43201 | | | | 2021-11-09 | 2021-11-09 | 5.0 | None | Remote | Low | Not required | None | Partial | None | In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project. |
| 22 | CVE-2021-43200 | | | | 2021-11-09 | 2021-11-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient. |
| 23 | CVE-2021-43199 | 276 | | | 2021-11-09 | 2021-11-09 | 5.0 | None | Remote | Low | Not required | None | Partial | None | In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient. |
| 24 | CVE-2021-43198 | 79 | | XSS | 2021-11-09 | 2021-11-09 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | In JetBrains TeamCity before 2021.1.2, stored XSS is possible. |
| 25 | CVE-2021-43197 | 79 | | XSS | 2021-11-09 | 2021-11-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS. |
| 26 | CVE-2021-43196 | 668 | | | 2021-11-09 | 2021-11-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible. |
| 27 | CVE-2021-43195 | | | | 2021-11-09 | 2021-11-09 | 5.0 | None | Remote | Low | Not required | None | Partial | None | In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing. |
| 28 | CVE-2021-43194 | | | | 2021-11-09 | 2021-11-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In JetBrains TeamCity before 2021.1.2, user enumeration was possible. |
| 29 | CVE-2021-43193 | | | Exec Code | 2021-11-09 | 2021-11-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible. |
| 30 | CVE-2021-37548 | 312 | | | 2021-08-06 | 2021-08-12 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS. |
| 31 | CVE-2021-37547 | | | | 2021-08-06 | 2021-08-12 | 5.0 | None | Remote | Low | Not required | None | Partial | None | In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made. |
| 32 | CVE-2021-37546 | 326 | | | 2021-08-06 | 2021-08-12 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used. |
| 33 | CVE-2021-37545 | 287 | | | 2021-08-06 | 2021-08-12 | 5.0 | None | Remote | Low | Not required | None | Partial | None | In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made. |
| 34 | CVE-2021-37544 | 502 | | | 2021-08-06 | 2021-08-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization. |
| 35 | CVE-2021-37542 | 79 | | XSS | 2021-08-06 | 2021-08-12 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | In JetBrains TeamCity before 2020.2.3, XSS was possible. |
| 36 | CVE-2021-31915 | 78 | | Exec Code | 2021-05-11 | 2021-05-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible. |
| 37 | CVE-2021-31913 | 354 | | | 2021-05-11 | 2021-05-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange. |
| 38 | CVE-2021-31912 | 640 | | | 2021-05-11 | 2021-05-17 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset. |
| 39 | CVE-2021-31911 | 79 | | XSS | 2021-05-11 | 2021-05-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages. |
| 40 | CVE-2021-31910 | 918 | | | 2021-05-11 | 2021-05-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible. |
| 41 | CVE-2021-31909 | 88 | | Exec Code | 2021-05-11 | 2021-05-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible. |
| 42 | CVE-2021-31908 | 79 | | XSS | 2021-05-11 | 2021-05-13 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages. |
| 43 | CVE-2021-31907 | 732 | | | 2021-05-11 | 2021-05-14 | 5.0 | None | Remote | Low | Not required | None | Partial | None | In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly. |
| 44 | CVE-2021-31906 | | | | 2021-05-11 | 2021-05-14 | 4.0 | None | Remote | Low | ??? | None | Partial | None | In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file. |
| 45 | CVE-2021-31904 | 79 | | XSS | 2021-05-11 | 2021-05-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page. |
| 46 | CVE-2021-25778 | 732 | | | 2021-02-03 | 2021-02-05 | 5.0 | None | Remote | Low | Not required | None | Partial | None | In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly. |
| 47 | CVE-2021-25777 | 863 | | | 2021-02-03 | 2021-02-04 | 5.0 | None | Remote | Low | Not required | None | Partial | None | In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly. |
| 48 | CVE-2021-25776 | 922 | | | 2021-02-03 | 2021-02-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None | In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters. |
| 49 | CVE-2021-25775 | 732 | | | 2021-02-03 | 2021-02-04 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users. |
| 50 | CVE-2021-25774 | 863 | | | 2021-02-03 | 2021-02-05 | 4.0 | None | Remote | Low | ??? | Partial | None | None | In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user. |

Total number of vulnerabilities: 86 (this is page 1 of 2)