Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Teamcity
(Jetbrains)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 197 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-03-28 | CVE-2024-31137 | In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration | Teamcity | 6.1 | ||
| 2024-03-28 | CVE-2024-31138 | In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings | Teamcity | 5.4 | ||
| 2024-07-01 | CVE-2024-39878 | In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection | Teamcity | 5.3 | ||
| 2024-07-01 | CVE-2024-39879 | In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings | Teamcity | 5.3 | ||
| 2024-07-22 | CVE-2024-41824 | In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific cases | Teamcity | 6.5 | ||
| 2024-07-22 | CVE-2024-41825 | In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab | Teamcity | 5.4 | ||
| 2024-07-22 | CVE-2024-41826 | In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page | Teamcity | 4.8 | ||
| 2024-07-22 | CVE-2024-41827 | In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration | Teamcity | 9.8 | ||
| 2024-07-22 | CVE-2024-41828 | In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time | Teamcity | 6.5 | ||
| 2024-07-22 | CVE-2024-41829 | In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection | Teamcity | 7.5 |