TeamCity
by JetBrains
CVEs (267)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-27199 | High | 0.73 | 7.3 | 1.00 | KEV | Mar 4, 2024 | In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible |
| CVE-2026-44413 | High | 0.53 | 8.2 | 0.00 | | May 11, 2026 | In JetBrains TeamCity before 2026.1, 2025.11.5 authenticated users could expose server API to unauthorised access |
| CVE-2026-49374 | High | 0.49 | 7.6 | 0.00 | | May 29, 2026 | In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters |
| CVE-2026-49372 | High | 0.49 | 7.5 | 0.00 | | May 29, 2026 | In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible |
| CVE-2026-49373 | High | 0.46 | 7.1 | 0.00 | | May 29, 2026 | In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings |
| CVE-2026-49371 | High | 0.46 | 7.1 | 0.00 | | May 29, 2026 | In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible |
| CVE-2026-49379 | Med | 0.42 | 6.5 | 0.00 | | May 29, 2026 | In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names |
| CVE-2026-49376 | Med | 0.42 | 6.5 | 0.00 | | May 29, 2026 | In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin |
| CVE-2026-49375 | Med | 0.40 | 6.1 | 0.00 | | May 29, 2026 | In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page |
| CVE-2026-49378 | Med | 0.28 | 4.3 | 0.00 | | May 29, 2026 | In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion |
| CVE-2026-49377 | Med | 0.28 | 4.3 | 0.01 | | May 29, 2026 | In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters |
| CVE-2024-27198 | | 0.28 | — | 1.00 | KEV | Mar 4, 2024 | In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible |
| CVE-2023-42793 | | 0.28 | — | 1.00 | KEV | Sep 19, 2023 | In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible |
| CVE-2026-49381 | Low | 0.22 | 3.4 | 0.00 | | May 29, 2026 | In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible |
| CVE-2026-49380 | Low | 0.20 | 3.1 | 0.00 | | May 29, 2026 | In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible |
| CVE-2024-23917 | | 0.06 | — | 0.54 | | Feb 6, 2024 | In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible |
| CVE-2024-43810 | | 0.04 | — | 0.00 | | Aug 16, 2024 | In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin |
| CVE-2024-41825 | | 0.04 | — | 0.00 | | Jul 22, 2024 | In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab |
| CVE-2024-36374 | | 0.04 | — | 0.00 | | May 29, 2024 | In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possible |
| CVE-2024-36373 | | 0.04 | — | 0.00 | | May 29, 2024 | In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible |
Page 1 of 14