Teamcity
by Jetbrains
Source repositories
CVEs (267)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-31904 | 0.00 | — | 0.01 | May 11, 2021 | In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page. | |||
| CVE-2020-35667 | 0.00 | — | 0.01 | Feb 3, 2021 | JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials. | |||
| CVE-2021-25777 | 0.00 | — | 0.01 | Feb 3, 2021 | In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly. | |||
| CVE-2021-25778 | 0.00 | — | 0.01 | Feb 3, 2021 | In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly. | |||
| CVE-2021-25775 | 0.00 | — | 0.01 | Feb 3, 2021 | In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users. | |||
| CVE-2021-25774 | 0.00 | — | 0.01 | Feb 3, 2021 | In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user. | |||
| CVE-2021-25776 | 0.00 | — | 0.01 | Feb 3, 2021 | In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters. | |||
| CVE-2021-25772 | 0.00 | — | 0.01 | Feb 3, 2021 | In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration. | |||
| CVE-2021-25773 | 0.00 | — | 0.01 | Feb 3, 2021 | JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages. | |||
| CVE-2020-27627 | 0.00 | — | 0.01 | Nov 16, 2020 | JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection. | |||
| CVE-2020-27628 | 0.00 | — | 0.01 | Nov 16, 2020 | In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records. | |||
| CVE-2020-27629 | 0.00 | — | 0.01 | Nov 16, 2020 | In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts. | |||
| CVE-2020-15830 | 0.00 | — | 0.01 | Aug 8, 2020 | JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI. | |||
| CVE-2020-15831 | 0.00 | — | 0.01 | Aug 8, 2020 | JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI. | |||
| CVE-2020-15828 | 0.00 | — | 0.01 | Aug 8, 2020 | In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions. | |||
| CVE-2020-15829 | 0.00 | — | 0.01 | Aug 8, 2020 | In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs. | |||
| CVE-2020-15825 | 0.00 | — | 0.01 | Aug 8, 2020 | In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges. | |||
| CVE-2020-15826 | 0.00 | — | 0.01 | Aug 8, 2020 | In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have. | |||
| CVE-2020-11938 | 0.00 | — | 0.01 | Apr 22, 2020 | In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project. The issue was resolved in 2019.2.2. | |||
| CVE-2020-11689 | 0.00 | — | 0.01 | Apr 22, 2020 | In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file. |
- CVE-2021-31904May 11, 2021risk 0.00cvss —epss 0.01
In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page.
- CVE-2020-35667Feb 3, 2021risk 0.00cvss —epss 0.01
JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials.
- CVE-2021-25777Feb 3, 2021risk 0.00cvss —epss 0.01
In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly.
- CVE-2021-25778Feb 3, 2021risk 0.00cvss —epss 0.01
In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly.
- CVE-2021-25775Feb 3, 2021risk 0.00cvss —epss 0.01
In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users.
- CVE-2021-25774Feb 3, 2021risk 0.00cvss —epss 0.01
In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user.
- CVE-2021-25776Feb 3, 2021risk 0.00cvss —epss 0.01
In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters.
- CVE-2021-25772Feb 3, 2021risk 0.00cvss —epss 0.01
In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration.
- CVE-2021-25773Feb 3, 2021risk 0.00cvss —epss 0.01
JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages.
- CVE-2020-27627Nov 16, 2020risk 0.00cvss —epss 0.01
JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.
- CVE-2020-27628Nov 16, 2020risk 0.00cvss —epss 0.01
In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records.
- CVE-2020-27629Nov 16, 2020risk 0.00cvss —epss 0.01
In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts.
- CVE-2020-15830Aug 8, 2020risk 0.00cvss —epss 0.01
JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI.
- CVE-2020-15831Aug 8, 2020risk 0.00cvss —epss 0.01
JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI.
- CVE-2020-15828Aug 8, 2020risk 0.00cvss —epss 0.01
In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions.
- CVE-2020-15829Aug 8, 2020risk 0.00cvss —epss 0.01
In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs.
- CVE-2020-15825Aug 8, 2020risk 0.00cvss —epss 0.01
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.
- CVE-2020-15826Aug 8, 2020risk 0.00cvss —epss 0.01
In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have.
- CVE-2020-11938Apr 22, 2020risk 0.00cvss —epss 0.01
In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project. The issue was resolved in 2019.2.2.
- CVE-2020-11689Apr 22, 2020risk 0.00cvss —epss 0.01
In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.
Page 12 of 14