TeamCity
by JetBrains
CVEs (166)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-36362 | 0.00 | — | 0.00 | May 29, 2024 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal allowing to read files from server was possible | ||
| CVE-2024-35301 | 0.00 | — | 0.00 | May 16, 2024 | In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token | ||
| CVE-2024-35300 | 0.00 | — | 0.01 | May 16, 2024 | In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible | ||
| CVE-2024-31140 | 0.00 | — | 0.00 | Mar 28, 2024 | In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools | ||
| CVE-2024-31139 | 0.00 | — | 0.00 | Mar 28, 2024 | In JetBrains TeamCity before 2024.03 XXE was possible in the Maven build steps detector | ||
| CVE-2024-31138 | 0.00 | — | 0.05 | Mar 28, 2024 | In JetBrains TeamCity before 2024.03 XSS was possible via Agent Distribution settings | ||
| CVE-2024-31137 | 0.00 | — | 0.00 | Mar 28, 2024 | In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration | ||
| CVE-2024-31136 | 0.00 | — | 0.00 | Mar 28, 2024 | In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter | ||
| CVE-2024-31135 | 0.00 | — | 0.00 | Mar 28, 2024 | In JetBrains TeamCity before 2024.03 open redirect was possible on the login page | ||
| CVE-2024-31134 | 0.00 | — | 0.00 | Mar 28, 2024 | In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled | ||
| CVE-2024-29880 | 0.00 | — | 0.00 | Mar 21, 2024 | In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process | ||
| CVE-2024-28174 | 0.00 | — | 0.00 | Mar 6, 2024 | In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly | ||
| CVE-2024-28173 | 0.00 | — | 0.00 | Mar 6, 2024 | In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed | ||
| CVE-2024-24942 | 0.00 | — | 0.00 | Feb 6, 2024 | In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives | ||
| CVE-2024-24938 | 0.00 | — | 0.00 | Feb 6, 2024 | In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation | ||
| CVE-2024-24937 | 0.00 | — | 0.00 | Feb 6, 2024 | In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible | ||
| CVE-2024-24936 | 0.00 | — | 0.00 | Feb 6, 2024 | In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed | ||
| CVE-2023-50870 | 0.00 | — | 0.00 | Dec 15, 2023 | In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible | ||
| CVE-2023-43566 | 0.00 | — | 0.00 | Sep 19, 2023 | In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration | ||
| CVE-2023-41250 | 0.00 | — | 0.00 | Aug 25, 2023 | In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration |