VYPR

Teamcity

by Jetbrains

Source repositories

CVEs (267)

  • CVE-2024-31136Mar 28, 2024
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter

  • CVE-2024-31135Mar 28, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2024.03 open redirect was possible on the login page

  • CVE-2024-31134Mar 28, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled

  • CVE-2024-29880Mar 21, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process

  • CVE-2024-28174Mar 6, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly

  • CVE-2024-28173Mar 6, 2024
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed

  • CVE-2024-24942Feb 6, 2024
    risk 0.00cvss epss 0.32

    In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives

  • CVE-2024-24938Feb 6, 2024
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation

  • CVE-2024-24937Feb 6, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible

  • CVE-2024-24936Feb 6, 2024
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed

  • CVE-2023-50870Dec 15, 2023
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible

  • CVE-2023-43566Sep 19, 2023
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration

  • CVE-2023-41250Aug 25, 2023
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration

  • CVE-2023-41249Aug 25, 2023
    risk 0.00cvss epss 0.53

    In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step

  • CVE-2023-41248Aug 25, 2023
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration

  • CVE-2023-39175Jul 25, 2023
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible

  • CVE-2023-39174Jul 25, 2023
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers

  • CVE-2023-39173Jul 25, 2023
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access

  • CVE-2023-38067Jul 12, 2023
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log

  • CVE-2023-38066Jul 12, 2023
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads

Page 7 of 14