TeamCity
by JetBrains
CVEs (267)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-24461 | | | 0.00 | — | 0.00 | | Jan 21, 2025 | In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint |
| CVE-2025-24460 | | | 0.00 | — | 0.00 | | Jan 21, 2025 | In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool |
| CVE-2024-56356 | | | 0.00 | — | 0.00 | | Dec 20, 2024 | In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack |
| CVE-2024-56354 | | | 0.00 | — | 0.00 | | Dec 20, 2024 | In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission |
| CVE-2024-56353 | | | 0.00 | — | 0.00 | | Dec 20, 2024 | In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies |
| CVE-2024-56351 | | | 0.00 | — | 0.00 | | Dec 20, 2024 | In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles |
| CVE-2024-56350 | | | 0.00 | — | 0.00 | | Dec 20, 2024 | In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects |
| CVE-2024-56349 | | | 0.00 | — | 0.00 | | Dec 20, 2024 | In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs |
| CVE-2024-56348 | | | 0.00 | — | 0.00 | | Dec 20, 2024 | In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents |
| CVE-2024-47951 | | | 0.00 | — | 0.01 | | Oct 8, 2024 | In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings |
| CVE-2024-47950 | | | 0.00 | — | 0.01 | | Oct 8, 2024 | In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings |
| CVE-2024-47949 | | | 0.00 | — | 0.23 | | Oct 8, 2024 | In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location |
| CVE-2024-47948 | | | 0.00 | — | 0.01 | | Oct 8, 2024 | In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups |
| CVE-2024-47161 | | | 0.00 | — | 0.00 | | Oct 8, 2024 | In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API |
| CVE-2024-43809 | | | 0.00 | — | 0.00 | | Aug 16, 2024 | In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page |
| CVE-2024-43808 | | | 0.00 | — | 0.00 | | Aug 16, 2024 | In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin |
| CVE-2024-43114 | | | 0.00 | — | 0.00 | | Aug 6, 2024 | In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions |
| CVE-2024-41829 | | | 0.00 | — | 0.00 | | Jul 22, 2024 | In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection |
| CVE-2024-41828 | | | 0.00 | — | 0.00 | | Jul 22, 2024 | In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time |
| CVE-2024-41827 | | | 0.00 | — | 0.00 | | Jul 22, 2024 | In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration |