Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Teamcity
(Jetbrains)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 197 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-05-31 | CVE-2023-34218 | In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible | Teamcity | 9.8 | ||
| 2023-05-31 | CVE-2023-34219 | In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API | Teamcity | 4.3 | ||
| 2023-05-31 | CVE-2023-34220 | In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible | Teamcity | 5.4 | ||
| 2023-05-31 | CVE-2023-34221 | In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible | Teamcity | 5.4 | ||
| 2023-05-31 | CVE-2023-34222 | In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible | Teamcity | 6.1 | ||
| 2023-05-31 | CVE-2023-34223 | In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases | Teamcity | 5.3 | ||
| 2023-05-31 | CVE-2023-34224 | In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible | Teamcity | 4.8 | ||
| 2023-05-31 | CVE-2023-34226 | In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible | Teamcity | 6.1 | ||
| 2023-05-31 | CVE-2023-34225 | In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible | Teamcity | 5.4 | ||
| 2023-05-31 | CVE-2023-34227 | In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks | Teamcity | 7.5 |