VYPR

Teamcity

by Jetbrains

Source repositories

CVEs (267)

  • CVE-2022-48426Mar 27, 2023
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible

  • CVE-2022-48344Feb 23, 2023
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.

  • CVE-2022-48343Feb 23, 2023
    risk 0.00cvss epss 0.59

    In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.

  • CVE-2022-48342Feb 23, 2023
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.

  • CVE-2022-46831Dec 8, 2022
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.

  • CVE-2022-46830Dec 8, 2022
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.

  • CVE-2022-44623Nov 3, 2022
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings

  • CVE-2022-44624Nov 3, 2022
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters

  • CVE-2022-44622Nov 3, 2022
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive

  • CVE-2022-44646Nov 3, 2022
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings

  • CVE-2022-40979Sep 23, 2022
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable

  • CVE-2022-38133Aug 10, 2022
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases

  • CVE-2022-36322Jul 20, 2022
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity before 2022.04.2 build parameter injection was possible

  • CVE-2022-36321Jul 20, 2022
    risk 0.00cvss epss 0.02

    In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases

  • CVE-2022-29929May 12, 2022
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible

  • CVE-2022-29928May 12, 2022
    risk 0.00cvss epss 0.00

    In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible

  • CVE-2022-29927May 12, 2022
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible

  • CVE-2022-25261Feb 25, 2022
    risk 0.00cvss epss 0.01

    JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS.

  • CVE-2022-25263Feb 25, 2022
    risk 0.00cvss epss 0.02

    JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration.

  • CVE-2022-25264Feb 25, 2022
    risk 0.00cvss epss 0.01

    In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.

Page 9 of 14