VYPR

Teamcity

by Jetbrains

Source repositories

CVEs (267)

  • CVE-2025-24461Jan 21, 2025
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint

  • CVE-2025-24460Jan 21, 2025
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool

  • CVE-2024-56356Dec 20, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack

  • CVE-2024-56354Dec 20, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission

  • CVE-2024-56353Dec 20, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies

  • CVE-2024-56351Dec 20, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles

  • CVE-2024-56350Dec 20, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects

  • CVE-2024-56349Dec 20, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs

  • CVE-2024-56348Dec 20, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents

  • CVE-2024-47951Oct 8, 2024
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings

  • CVE-2024-47950Oct 8, 2024
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings

  • CVE-2024-47949Oct 8, 2024
    risk 0.00cvss epss 0.23

    In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location

  • CVE-2024-47948Oct 8, 2024
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups

  • CVE-2024-47161Oct 8, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API

  • CVE-2024-43809Aug 16, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page

  • CVE-2024-43808Aug 16, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin

  • CVE-2024-43114Aug 6, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions

  • CVE-2024-41829Jul 22, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection

  • CVE-2024-41828Jul 22, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time

  • CVE-2024-41827Jul 22, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration

Page 5 of 14