Teamcity
by Jetbrains
Source repositories
CVEs (267)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-48426 | 0.00 | — | 0.01 | Mar 27, 2023 | In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible | |||
| CVE-2022-48344 | 0.00 | — | 0.00 | Feb 23, 2023 | In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process. | |||
| CVE-2022-48343 | 0.00 | — | 0.59 | Feb 23, 2023 | In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process. | |||
| CVE-2022-48342 | 0.00 | — | 0.00 | Feb 23, 2023 | In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents. | |||
| CVE-2022-46831 | 0.00 | — | 0.00 | Dec 8, 2022 | In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators. | |||
| CVE-2022-46830 | 0.00 | — | 0.00 | Dec 8, 2022 | In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning. | |||
| CVE-2022-44623 | 0.00 | — | 0.01 | Nov 3, 2022 | In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings | |||
| CVE-2022-44624 | 0.00 | — | 0.01 | Nov 3, 2022 | In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters | |||
| CVE-2022-44622 | 0.00 | — | 0.00 | Nov 3, 2022 | In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive | |||
| CVE-2022-44646 | 0.00 | — | 0.00 | Nov 3, 2022 | In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings | |||
| CVE-2022-40979 | 0.00 | — | 0.00 | Sep 23, 2022 | In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable | |||
| CVE-2022-38133 | 0.00 | — | 0.00 | Aug 10, 2022 | In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases | |||
| CVE-2022-36322 | 0.00 | — | 0.01 | Jul 20, 2022 | In JetBrains TeamCity before 2022.04.2 build parameter injection was possible | |||
| CVE-2022-36321 | 0.00 | — | 0.02 | Jul 20, 2022 | In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases | |||
| CVE-2022-29929 | 0.00 | — | 0.00 | May 12, 2022 | In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible | |||
| CVE-2022-29928 | 0.00 | — | 0.00 | May 12, 2022 | In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible | |||
| CVE-2022-29927 | 0.00 | — | 0.01 | May 12, 2022 | In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible | |||
| CVE-2022-25261 | 0.00 | — | 0.01 | Feb 25, 2022 | JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS. | |||
| CVE-2022-25263 | 0.00 | — | 0.02 | Feb 25, 2022 | JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration. | |||
| CVE-2022-25264 | 0.00 | — | 0.01 | Feb 25, 2022 | In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases. |
- CVE-2022-48426Mar 27, 2023risk 0.00cvss —epss 0.01
In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible
- CVE-2022-48344Feb 23, 2023risk 0.00cvss —epss 0.00
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.
- CVE-2022-48343Feb 23, 2023risk 0.00cvss —epss 0.59
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.
- CVE-2022-48342Feb 23, 2023risk 0.00cvss —epss 0.00
In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.
- CVE-2022-46831Dec 8, 2022risk 0.00cvss —epss 0.00
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.
- CVE-2022-46830Dec 8, 2022risk 0.00cvss —epss 0.00
In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.
- CVE-2022-44623Nov 3, 2022risk 0.00cvss —epss 0.01
In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings
- CVE-2022-44624Nov 3, 2022risk 0.00cvss —epss 0.01
In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters
- CVE-2022-44622Nov 3, 2022risk 0.00cvss —epss 0.00
In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive
- CVE-2022-44646Nov 3, 2022risk 0.00cvss —epss 0.00
In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings
- CVE-2022-40979Sep 23, 2022risk 0.00cvss —epss 0.00
In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable
- CVE-2022-38133Aug 10, 2022risk 0.00cvss —epss 0.00
In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases
- CVE-2022-36322Jul 20, 2022risk 0.00cvss —epss 0.01
In JetBrains TeamCity before 2022.04.2 build parameter injection was possible
- CVE-2022-36321Jul 20, 2022risk 0.00cvss —epss 0.02
In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases
- CVE-2022-29929May 12, 2022risk 0.00cvss —epss 0.00
In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible
- CVE-2022-29928May 12, 2022risk 0.00cvss —epss 0.00
In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible
- CVE-2022-29927May 12, 2022risk 0.00cvss —epss 0.01
In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible
- CVE-2022-25261Feb 25, 2022risk 0.00cvss —epss 0.01
JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS.
- CVE-2022-25263Feb 25, 2022risk 0.00cvss —epss 0.02
JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration.
- CVE-2022-25264Feb 25, 2022risk 0.00cvss —epss 0.01
In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.
Page 9 of 14