TeamCity
by JetBrains
CVEs (166)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-36367 |  | 0.02 | — | 0.22 |  | May 29, 2024 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via third-party reports was possible |
| CVE-2025-26493 |  | 0.01 | — | 0.16 |  | Feb 11, 2025 | In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab |
| CVE-2026-28196 |  | 0.00 | — | 0.00 |  | Feb 25, 2026 | In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk |
| CVE-2026-28195 |  | 0.00 | — | 0.00 |  | Feb 25, 2026 | In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations |
| CVE-2026-28194 |  | 0.00 | — | 0.00 |  | Feb 25, 2026 | In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow |
| CVE-2025-68268 |  | 0.00 | — | 0.00 |  | Dec 16, 2025 | In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page |
| CVE-2025-68267 |  | 0.00 | — | 0.00 |  | Dec 16, 2025 | In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token |
| CVE-2025-68166 |  | 0.00 | — | 0.00 |  | Dec 16, 2025 | In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab |
| CVE-2025-68165 |  | 0.00 | — | 0.00 |  | Dec 16, 2025 | In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup |
| CVE-2025-68164 |  | 0.00 | — | 0.00 |  | Dec 16, 2025 | In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test |
| CVE-2025-68163 |  | 0.00 | — | 0.00 |  | Dec 16, 2025 | In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page |
| CVE-2025-68162 |  | 0.00 | — | 0.00 |  | Dec 16, 2025 | In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration |
| CVE-2025-67742 |  | 0.00 | — | 0.00 |  | Dec 11, 2025 | In JetBrains TeamCity before 2025.11 path traversal was possible via file upload |
| CVE-2025-67741 |  | 0.00 | — | 0.00 |  | Dec 11, 2025 | In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute |
| CVE-2025-67740 |  | 0.00 | — | 0.00 |  | Dec 11, 2025 | In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata |
| CVE-2025-67739 |  | 0.00 | — | 0.00 |  | Dec 11, 2025 | In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure |
| CVE-2025-59457 |  | 0.00 | — | 0.00 |  | Sep 17, 2025 | In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows |
| CVE-2025-59456 |  | 0.00 | — | 0.00 |  | Sep 17, 2025 | In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload |
| CVE-2025-59455 |  | 0.00 | — | 0.00 |  | Sep 17, 2025 | In JetBrains TeamCity before 2025.07.2 project isolation bypass was possible due to race condition |
| CVE-2025-57734 |  | 0.00 | — | 0.00 |  | Aug 20, 2025 | In JetBrains TeamCity before 2025.07.1 AWS credentials were exposed in Docker script files |