Teamcity
by Jetbrains
Source repositories
CVEs (267)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-54532 | 0.00 | — | 0.00 | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies | |||
| CVE-2025-54531 | 0.00 | — | 0.00 | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows | |||
| CVE-2025-54530 | 0.00 | — | 0.00 | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions | |||
| CVE-2025-54529 | 0.00 | — | 0.00 | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration | |||
| CVE-2025-54528 | 0.00 | — | 0.00 | Jul 28, 2025 | In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow | |||
| CVE-2025-52879 | 0.00 | — | 0.01 | Jun 23, 2025 | In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible | |||
| CVE-2025-52878 | 0.00 | — | 0.00 | Jun 23, 2025 | In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions | |||
| CVE-2025-52877 | 0.00 | — | 0.14 | Jun 23, 2025 | In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible | |||
| CVE-2025-52876 | 0.00 | — | 0.14 | Jun 23, 2025 | In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible | |||
| CVE-2025-52875 | 0.00 | — | 0.01 | Jun 23, 2025 | In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible | |||
| CVE-2025-47854 | 0.00 | — | 0.00 | May 20, 2025 | In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page | |||
| CVE-2025-47853 | 0.00 | — | 0.01 | May 20, 2025 | In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible | |||
| CVE-2025-47852 | 0.00 | — | 0.01 | May 20, 2025 | In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible | |||
| CVE-2025-47851 | 0.00 | — | 0.02 | May 20, 2025 | In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible | |||
| CVE-2025-46618 | 0.00 | — | 0.22 | Apr 25, 2025 | In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab | |||
| CVE-2025-46433 | 0.00 | — | 0.00 | Apr 25, 2025 | In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible | |||
| CVE-2025-46432 | 0.00 | — | 0.01 | Apr 25, 2025 | In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs | |||
| CVE-2025-31141 | 0.00 | — | 0.00 | Mar 27, 2025 | In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page | |||
| CVE-2025-31139 | 0.00 | — | 0.01 | Mar 27, 2025 | In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log | |||
| CVE-2025-26492 | 0.00 | — | 0.00 | Feb 11, 2025 | In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources |
- CVE-2025-54532Jul 28, 2025risk 0.00cvss —epss 0.00
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies
- CVE-2025-54531Jul 28, 2025risk 0.00cvss —epss 0.00
In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows
- CVE-2025-54530Jul 28, 2025risk 0.00cvss —epss 0.00
In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions
- CVE-2025-54529Jul 28, 2025risk 0.00cvss —epss 0.00
In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration
- CVE-2025-54528Jul 28, 2025risk 0.00cvss —epss 0.00
In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow
- CVE-2025-52879Jun 23, 2025risk 0.00cvss —epss 0.01
In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible
- CVE-2025-52878Jun 23, 2025risk 0.00cvss —epss 0.00
In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions
- CVE-2025-52877Jun 23, 2025risk 0.00cvss —epss 0.14
In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible
- CVE-2025-52876Jun 23, 2025risk 0.00cvss —epss 0.14
In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible
- CVE-2025-52875Jun 23, 2025risk 0.00cvss —epss 0.01
In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible
- CVE-2025-47854May 20, 2025risk 0.00cvss —epss 0.00
In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page
- CVE-2025-47853May 20, 2025risk 0.00cvss —epss 0.01
In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible
- CVE-2025-47852May 20, 2025risk 0.00cvss —epss 0.01
In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible
- CVE-2025-47851May 20, 2025risk 0.00cvss —epss 0.02
In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible
- CVE-2025-46618Apr 25, 2025risk 0.00cvss —epss 0.22
In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab
- CVE-2025-46433Apr 25, 2025risk 0.00cvss —epss 0.00
In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible
- CVE-2025-46432Apr 25, 2025risk 0.00cvss —epss 0.01
In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs
- CVE-2025-31141Mar 27, 2025risk 0.00cvss —epss 0.00
In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page
- CVE-2025-31139Mar 27, 2025risk 0.00cvss —epss 0.01
In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log
- CVE-2025-26492Feb 11, 2025risk 0.00cvss —epss 0.00
In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources
Page 4 of 14