Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Teamcity
(Jetbrains)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 209 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-05-29 | CVE-2024-36371 | In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possible | Teamcity | 5.4 | ||
| 2024-05-29 | CVE-2024-36470 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge cases | Teamcity | 9.8 | ||
| 2025-01-21 | CVE-2025-24459 | In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page | Teamcity | 6.1 | ||
| 2025-01-21 | CVE-2025-24461 | In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint | Teamcity | 6.5 | ||
| 2025-01-21 | CVE-2025-24460 | In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool | Teamcity | 4.3 | ||
| 2024-05-29 | CVE-2024-36377 | In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions | Teamcity | 8.1 | ||
| 2024-05-29 | CVE-2024-36378 | In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens | Teamcity | 7.5 | ||
| 2024-05-29 | CVE-2024-36372 | In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible | Teamcity | 6.1 | ||
| 2024-05-29 | CVE-2024-36373 | In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible | Teamcity | 5.4 | ||
| 2024-05-29 | CVE-2024-36374 | In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possible | Teamcity | 5.4 |