VYPR

Teamcity

by Jetbrains

Source repositories

CVEs (267)

  • CVE-2024-36371May 29, 2024
    risk 0.04cvss epss 0.00

    In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possible

  • CVE-2024-36370May 29, 2024
    risk 0.04cvss epss 0.00

    In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was possible

  • CVE-2024-36369May 29, 2024
    risk 0.04cvss epss 0.00

    In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via issue tracker integration was possible

  • CVE-2024-36366May 29, 2024
    risk 0.04cvss epss 0.00

    In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via certain report grouping and filtering operations

  • CVE-2024-36363May 29, 2024
    risk 0.04cvss epss 0.00

    In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several Stored XSS in code inspection reports were possible

  • CVE-2025-31140Mar 27, 2025
    risk 0.03cvss epss 0.27

    In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page

  • CVE-2024-56355Dec 20, 2024
    risk 0.03cvss epss 0.01

    In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS

  • CVE-2024-56352Dec 20, 2024
    risk 0.03cvss epss 0.01

    In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page

  • CVE-2024-43807Aug 16, 2024
    risk 0.03cvss epss 0.00

    In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page

  • CVE-2019-15039Oct 1, 2019
    risk 0.03cvss epss 0.13

    An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.

  • CVE-2025-24459Jan 21, 2025
    risk 0.02cvss epss 0.03

    In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page

  • CVE-2024-36372May 29, 2024
    risk 0.02cvss epss 0.00

    In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible

  • CVE-2024-36367May 29, 2024
    risk 0.02cvss epss 0.00

    In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via third-party reports was possible

  • CVE-2025-26493Feb 11, 2025
    risk 0.01cvss epss 0.00

    In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab

  • CVE-2026-28196Feb 25, 2026
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk

  • CVE-2026-28195Feb 25, 2026
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations

  • CVE-2026-28194Feb 25, 2026
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow

  • CVE-2025-68268Dec 16, 2025
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page

  • CVE-2025-68267Dec 16, 2025
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token

  • CVE-2025-68166Dec 16, 2025
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab

Page 2 of 14