Teamcity
by Jetbrains
Source repositories
CVEs (267)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-68165 | 0.00 | — | 0.03 | Dec 16, 2025 | In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup | |||
| CVE-2025-68164 | 0.00 | — | 0.00 | Dec 16, 2025 | In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test | |||
| CVE-2025-68163 | 0.00 | — | 0.00 | Dec 16, 2025 | In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page | |||
| CVE-2025-68162 | 0.00 | — | 0.00 | Dec 16, 2025 | In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration | |||
| CVE-2025-67742 | 0.00 | — | 0.01 | Dec 11, 2025 | In JetBrains TeamCity before 2025.11 path traversal was possible via file upload | |||
| CVE-2025-67741 | 0.00 | — | 0.00 | Dec 11, 2025 | In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute | |||
| CVE-2025-67740 | 0.00 | — | 0.00 | Dec 11, 2025 | In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata | |||
| CVE-2025-67739 | 0.00 | — | 0.00 | Dec 11, 2025 | In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure | |||
| CVE-2025-59457 | 0.00 | — | 0.01 | Sep 17, 2025 | In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows | |||
| CVE-2025-59456 | 0.00 | — | 0.12 | Sep 17, 2025 | In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload | |||
| CVE-2025-59455 | 0.00 | — | 0.00 | Sep 17, 2025 | In JetBrains TeamCity before 2025.07.2 project isolation bypass was possible due to race condition | |||
| CVE-2025-57734 | 0.00 | — | 0.01 | Aug 20, 2025 | In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files | |||
| CVE-2025-57733 | 0.00 | — | 0.00 | Aug 20, 2025 | In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content | |||
| CVE-2025-57732 | 0.00 | — | 0.00 | Aug 20, 2025 | In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership | |||
| CVE-2025-54538 | 0.00 | — | 0.00 | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" command | |||
| CVE-2025-54537 | 0.00 | — | 0.00 | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots | |||
| CVE-2025-54536 | 0.00 | — | 0.00 | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint | |||
| CVE-2025-54535 | 0.00 | — | 0.00 | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms | |||
| CVE-2025-54534 | 0.00 | — | 0.01 | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page | |||
| CVE-2025-54533 | 0.00 | — | 0.00 | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration |
- CVE-2025-68165Dec 16, 2025risk 0.00cvss —epss 0.03
In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup
- CVE-2025-68164Dec 16, 2025risk 0.00cvss —epss 0.00
In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test
- CVE-2025-68163Dec 16, 2025risk 0.00cvss —epss 0.00
In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page
- CVE-2025-68162Dec 16, 2025risk 0.00cvss —epss 0.00
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration
- CVE-2025-67742Dec 11, 2025risk 0.00cvss —epss 0.01
In JetBrains TeamCity before 2025.11 path traversal was possible via file upload
- CVE-2025-67741Dec 11, 2025risk 0.00cvss —epss 0.00
In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute
- CVE-2025-67740Dec 11, 2025risk 0.00cvss —epss 0.00
In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata
- CVE-2025-67739Dec 11, 2025risk 0.00cvss —epss 0.00
In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure
- CVE-2025-59457Sep 17, 2025risk 0.00cvss —epss 0.01
In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows
- CVE-2025-59456Sep 17, 2025risk 0.00cvss —epss 0.12
In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload
- CVE-2025-59455Sep 17, 2025risk 0.00cvss —epss 0.00
In JetBrains TeamCity before 2025.07.2 project isolation bypass was possible due to race condition
- CVE-2025-57734Aug 20, 2025risk 0.00cvss —epss 0.01
In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files
- CVE-2025-57733Aug 20, 2025risk 0.00cvss —epss 0.00
In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content
- CVE-2025-57732Aug 20, 2025risk 0.00cvss —epss 0.00
In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership
- CVE-2025-54538Jul 28, 2025risk 0.00cvss —epss 0.00
In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" command
- CVE-2025-54537Jul 28, 2025risk 0.00cvss —epss 0.00
In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots
- CVE-2025-54536Jul 28, 2025risk 0.00cvss —epss 0.00
In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint
- CVE-2025-54535Jul 28, 2025risk 0.00cvss —epss 0.00
In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms
- CVE-2025-54534Jul 28, 2025risk 0.00cvss —epss 0.01
In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page
- CVE-2025-54533Jul 28, 2025risk 0.00cvss —epss 0.00
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration
Page 3 of 14