Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Teamcity
(Jetbrains)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 197 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-10-02 | CVE-2019-15036 | An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1. | Teamcity | N/A | ||
| 2019-09-05 | CVE-2019-15848 | JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user. | Teamcity | 6.1 | ||
| 2019-07-03 | CVE-2019-12844 | A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.3. | Teamcity | 6.1 | ||
| 2019-07-03 | CVE-2019-12843 | A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3. | Teamcity | 6.1 | ||
| 2019-07-03 | CVE-2019-12841 | Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. The issue was fixed in TeamCity 2018.2.2. | Teamcity | 7.5 | ||
| 2019-07-03 | CVE-2019-12846 | A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2. | Teamcity | 4.3 | ||
| 2019-07-03 | CVE-2019-12845 | The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3. | Teamcity | 5.3 | ||
| 2019-07-03 | CVE-2019-12842 | A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.2. | Teamcity | 6.1 | ||
| 2015-01-13 | CVE-2014-10036 | Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html. | Teamcity | N/A | ||
| 2015-01-13 | CVE-2014-10002 | Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors. | Teamcity | N/A |