Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Teamcity
(Jetbrains)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 197 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-07-22 | CVE-2024-41827 | In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration | Teamcity | 9.8 | ||
| 2024-07-22 | CVE-2024-41828 | In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time | Teamcity | 6.5 | ||
| 2024-07-22 | CVE-2024-41829 | In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection | Teamcity | 7.5 | ||
| 2024-10-08 | CVE-2024-47948 | In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups | Teamcity | 7.5 | ||
| 2024-10-08 | CVE-2024-47161 | In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API | Teamcity | 6.5 | ||
| 2024-10-08 | CVE-2024-47949 | In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location | Teamcity | 7.5 | ||
| 2024-10-08 | CVE-2024-47950 | In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings | Teamcity | 5.4 | ||
| 2024-10-08 | CVE-2024-47951 | In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings | Teamcity | 5.4 | ||
| 2024-08-06 | CVE-2024-43114 | In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions | Teamcity | 7.8 | ||
| 2024-08-16 | CVE-2024-43807 | In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page | Teamcity | 5.4 |