TeamCity
by JetBrains
Source repositories
CVEs (267)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-43198 | | | 0.00 | — | 0.00 | | Nov 9, 2021 | In JetBrains TeamCity before 2021.1.2, stored XSS is possible. |
| CVE-2021-43200 | | | 0.00 | — | 0.01 | | Nov 9, 2021 | In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient. |
| CVE-2021-43201 | | | 0.00 | — | 0.01 | | Nov 9, 2021 | In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project. |
| CVE-2021-37548 | | | 0.00 | — | 0.01 | | Aug 6, 2021 | In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS. |
| CVE-2021-37547 | | | 0.00 | — | 0.01 | | Aug 6, 2021 | In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made. |
| CVE-2021-37546 | | | 0.00 | — | 0.01 | | Aug 6, 2021 | In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used. |
| CVE-2021-37545 | | | 0.00 | — | 0.01 | | Aug 6, 2021 | In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made. |
| CVE-2021-37544 | | | 0.00 | — | 0.01 | | Aug 6, 2021 | In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization. |
| CVE-2021-37542 | | | 0.00 | — | 0.01 | | Aug 6, 2021 | In JetBrains TeamCity before 2020.2.3, XSS was possible. |
| CVE-2021-31915 | | | 0.00 | — | 0.03 | | May 11, 2021 | In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible. |
| CVE-2021-31914 | | | 0.00 | — | 0.02 | | May 11, 2021 | In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible. |
| CVE-2021-31913 | | | 0.00 | — | 0.01 | | May 11, 2021 | In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange. |
| CVE-2021-31912 | | | 0.00 | — | 0.01 | | May 11, 2021 | In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset. |
| CVE-2021-31911 | | | 0.00 | — | 0.01 | | May 11, 2021 | In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages. |
| CVE-2021-31910 | | | 0.00 | — | 0.01 | | May 11, 2021 | In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible. |
| CVE-2021-31908 | | | 0.00 | — | 0.00 | | May 11, 2021 | In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages. |
| CVE-2021-31909 | | | 0.00 | — | 0.03 | | May 11, 2021 | In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible. |
| CVE-2021-3315 | | | 0.00 | — | 0.00 | | May 11, 2021 | In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible. |
| CVE-2021-31907 | | | 0.00 | — | 0.01 | | May 11, 2021 | In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly. |
| CVE-2021-31906 | | | 0.00 | — | 0.01 | | May 11, 2021 | In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file. |
Page 11 of 14