TeamCity
by JetBrains
CVEs (267)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-31136 | | | 0.00 | — | 0.01 | | Mar 28, 2024 | In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter |
| CVE-2024-31135 | | | 0.00 | — | 0.00 | | Mar 28, 2024 | In JetBrains TeamCity before 2024.03 open redirect was possible on the login page |
| CVE-2024-31134 | | | 0.00 | — | 0.00 | | Mar 28, 2024 | In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled |
| CVE-2024-29880 | | | 0.00 | — | 0.00 | | Mar 21, 2024 | In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process |
| CVE-2024-28174 | | | 0.00 | — | 0.00 | | Mar 6, 2024 | In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly |
| CVE-2024-28173 | | | 0.00 | — | 0.01 | | Mar 6, 2024 | In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed |
| CVE-2024-24942 | | | 0.00 | — | 0.32 | | Feb 6, 2024 | In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives |
| CVE-2024-24938 | | | 0.00 | — | 0.01 | | Feb 6, 2024 | In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation |
| CVE-2024-24937 | | | 0.00 | — | 0.00 | | Feb 6, 2024 | In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible |
| CVE-2024-24936 | | | 0.00 | — | 0.00 | | Feb 6, 2024 | In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed |
| CVE-2023-50870 | | | 0.00 | — | 0.00 | | Dec 15, 2023 | In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible |
| CVE-2023-43566 | | | 0.00 | — | 0.01 | | Sep 19, 2023 | In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration |
| CVE-2023-41250 | | | 0.00 | — | 0.00 | | Aug 25, 2023 | In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration |
| CVE-2023-41249 | | | 0.00 | — | 0.53 | | Aug 25, 2023 | In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step |
| CVE-2023-41248 | | | 0.00 | — | 0.00 | | Aug 25, 2023 | In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration |
| CVE-2023-39175 | | | 0.00 | — | 0.01 | | Jul 25, 2023 | In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible |
| CVE-2023-39174 | | | 0.00 | — | 0.01 | | Jul 25, 2023 | In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers |
| CVE-2023-39173 | | | 0.00 | — | 0.00 | | Jul 25, 2023 | In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access |
| CVE-2023-38067 | | | 0.00 | — | 0.00 | | Jul 12, 2023 | In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log |
| CVE-2023-38066 | | | 0.00 | — | 0.01 | | Jul 12, 2023 | In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads |