Teamcity
Sign in to watchby Jetbrains
Source repositories
CVEs (166)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-57733 | 0.00 | — | 0.00 | Aug 20, 2025 | In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content | ||
| CVE-2025-57732 | 0.00 | — | 0.00 | Aug 20, 2025 | In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership | ||
| CVE-2025-54538 | 0.00 | — | 0.00 | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" command | ||
| CVE-2025-54537 | 0.00 | — | 0.00 | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots | ||
| CVE-2025-54536 | 0.00 | — | 0.00 | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint | ||
| CVE-2025-54535 | 0.00 | — | 0.00 | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms | ||
| CVE-2025-54534 | 0.00 | — | 0.00 | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page | ||
| CVE-2025-54533 | 0.00 | — | 0.00 | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration | ||
| CVE-2025-54532 | 0.00 | — | 0.00 | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies | ||
| CVE-2025-54531 | 0.00 | — | 0.00 | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows | ||
| CVE-2025-54530 | 0.00 | — | 0.00 | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions | ||
| CVE-2025-54529 | 0.00 | — | 0.00 | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration | ||
| CVE-2025-54528 | 0.00 | — | 0.00 | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow | ||
| CVE-2025-52879 | 0.00 | — | 0.00 | Jun 23, 2025 | In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible | ||
| CVE-2025-52878 | 0.00 | — | 0.00 | Jun 23, 2025 | In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions | ||
| CVE-2025-52877 | 0.00 | — | 0.00 | Jun 23, 2025 | In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible | ||
| CVE-2025-52876 | 0.00 | — | 0.01 | Jun 23, 2025 | In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible | ||
| CVE-2025-52875 | 0.00 | — | 0.00 | Jun 23, 2025 | In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible | ||
| CVE-2025-47854 | 0.00 | — | 0.00 | May 20, 2025 | In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page | ||
| CVE-2025-47853 | 0.00 | — | 0.00 | May 20, 2025 | In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible |
Page 3 of 9