Teamcity
Sign in to watchby Jetbrains
Source repositories
CVEs (166)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-47852 | 0.00 | — | 0.00 | May 20, 2025 | In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible | ||
| CVE-2025-47851 | 0.00 | — | 0.00 | May 20, 2025 | In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible | ||
| CVE-2025-46618 | 0.00 | — | 0.00 | Apr 25, 2025 | In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab | ||
| CVE-2025-46433 | 0.00 | — | 0.00 | Apr 25, 2025 | In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible | ||
| CVE-2025-46432 | 0.00 | — | 0.00 | Apr 25, 2025 | In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs | ||
| CVE-2025-31141 | 0.00 | — | 0.00 | Mar 27, 2025 | In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page | ||
| CVE-2025-31139 | 0.00 | — | 0.00 | Mar 27, 2025 | In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log | ||
| CVE-2025-26492 | 0.00 | — | 0.00 | Feb 11, 2025 | In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources | ||
| CVE-2025-24461 | 0.00 | — | 0.00 | Jan 21, 2025 | In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint | ||
| CVE-2025-24460 | 0.00 | — | 0.00 | Jan 21, 2025 | In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool | ||
| CVE-2024-56356 | 0.00 | — | 0.00 | Dec 20, 2024 | In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack | ||
| CVE-2024-56354 | 0.00 | — | 0.00 | Dec 20, 2024 | In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission | ||
| CVE-2024-56353 | 0.00 | — | 0.00 | Dec 20, 2024 | In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies | ||
| CVE-2024-56351 | 0.00 | — | 0.00 | Dec 20, 2024 | In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles | ||
| CVE-2024-56350 | 0.00 | — | 0.00 | Dec 20, 2024 | In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects | ||
| CVE-2024-56349 | 0.00 | — | 0.00 | Dec 20, 2024 | In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs | ||
| CVE-2024-56348 | 0.00 | — | 0.00 | Dec 20, 2024 | In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents | ||
| CVE-2024-47951 | 0.00 | — | 0.00 | Oct 8, 2024 | In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings | ||
| CVE-2024-47950 | 0.00 | — | 0.00 | Oct 8, 2024 | In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings | ||
| CVE-2024-47949 | 0.00 | — | 0.01 | Oct 8, 2024 | In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location |
Page 4 of 9