Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Jetbrains Subscribe
Filtered by product Teamcity

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 91 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-31906 1 Jetbrains 1 Teamcity 2021-05-14 4.0 MEDIUM 2.7 LOW
In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file.
CVE-2021-31907 1 Jetbrains 1 Teamcity 2021-05-14 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly.
CVE-2021-31909 1 Jetbrains 1 Teamcity 2021-05-14 7.5 HIGH 9.8 CRITICAL
In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible.
CVE-2021-3315 1 Jetbrains 1 Teamcity 2021-05-13 3.5 LOW 5.4 MEDIUM
In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible.
CVE-2021-31908 1 Jetbrains 1 Teamcity 2021-05-13 3.5 LOW 5.4 MEDIUM
In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages.
CVE-2020-35667 1 Jetbrains 1 Teamcity 2021-02-05 5.0 MEDIUM 7.5 HIGH
JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials.
CVE-2021-25774 1 Jetbrains 1 Teamcity 2021-02-05 4.0 MEDIUM 4.3 MEDIUM
In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user.
CVE-2021-25772 1 Jetbrains 1 Teamcity 2021-02-04 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration.
CVE-2021-25776 1 Jetbrains 1 Teamcity 2021-02-04 5.0 MEDIUM 7.5 HIGH
In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters.
CVE-2021-25777 1 Jetbrains 1 Teamcity 2021-02-04 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly.
CVE-2021-25773 1 Jetbrains 1 Teamcity 2021-02-04 4.3 MEDIUM 6.1 MEDIUM
JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages.
CVE-2019-12157 1 Jetbrains 2 Teamcity, Upsource 2021-01-26 10.0 HIGH 9.8 CRITICAL
In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.
CVE-2020-27629 1 Jetbrains 1 Teamcity 2020-12-01 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts.
CVE-2020-27627 1 Jetbrains 1 Teamcity 2020-12-01 5.8 MEDIUM 6.1 MEDIUM
JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.
CVE-2020-27628 1 Jetbrains 1 Teamcity 2020-11-23 4.0 MEDIUM 4.3 MEDIUM
In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records.
CVE-2019-15039 1 Jetbrains 1 Teamcity 2020-08-24 6.8 MEDIUM 9.8 CRITICAL
An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.
CVE-2019-12845 1 Jetbrains 1 Teamcity 2020-08-24 5.0 MEDIUM 5.3 MEDIUM
The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3.
CVE-2019-12843 1 Jetbrains 1 Teamcity 2020-08-24 4.3 MEDIUM 6.1 MEDIUM
A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3.
CVE-2019-15038 1 Jetbrains 1 Teamcity 2020-08-24 5.0 MEDIUM 7.5 HIGH
An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1.
CVE-2019-12844 1 Jetbrains 1 Teamcity 2020-08-24 4.3 MEDIUM 6.1 MEDIUM
A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.3.
CVE-2019-12846 1 Jetbrains 1 Teamcity 2020-08-24 4.0 MEDIUM 4.3 MEDIUM
A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2.
CVE-2020-15830 1 Jetbrains 1 Teamcity 2020-08-10 4.3 MEDIUM 6.1 MEDIUM
JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI.
CVE-2020-15831 1 Jetbrains 1 Teamcity 2020-08-10 4.3 MEDIUM 6.1 MEDIUM
JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI.
CVE-2020-11687 1 Jetbrains 1 Teamcity 2020-04-27 5.0 MEDIUM 7.5 HIGH
In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.
CVE-2020-11688 1 Jetbrains 1 Teamcity 2020-04-27 5.0 MEDIUM 7.5 HIGH
In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.
CVE-2020-11689 1 Jetbrains 1 Teamcity 2020-04-27 4.0 MEDIUM 6.5 MEDIUM
In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.
CVE-2020-7909 1 Jetbrains 1 Teamcity 2020-02-01 5.0 MEDIUM 7.5 HIGH
In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.
CVE-2020-7910 1 Jetbrains 1 Teamcity 2020-01-31 3.5 LOW 5.4 MEDIUM
JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.
CVE-2020-7911 1 Jetbrains 1 Teamcity 2020-01-31 4.3 MEDIUM 6.1 MEDIUM
In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS.
CVE-2019-18365 1 Jetbrains 1 Teamcity 2019-11-07 4.3 MEDIUM 4.3 MEDIUM
In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages.
CVE-2019-18366 1 Jetbrains 1 Teamcity 2019-11-04 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.
CVE-2019-18367 1 Jetbrains 1 Teamcity 2019-11-04 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.
CVE-2019-18364 1 Jetbrains 1 Teamcity 2019-11-01 7.5 HIGH 9.8 CRITICAL
In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.
CVE-2019-15042 1 Jetbrains 1 Teamcity 2019-10-07 5.0 MEDIUM 7.5 HIGH
An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1.
CVE-2019-15036 1 Jetbrains 1 Teamcity 2019-10-03 9.0 HIGH 7.2 HIGH
An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1.
CVE-2019-15037 1 Jetbrains 1 Teamcity 2019-10-03 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in JetBrains TeamCity 2018.2.4. It had several XSS vulnerabilities on the settings pages. The issues were fixed in TeamCity 2019.1.
CVE-2019-15848 1 Jetbrains 1 Teamcity 2019-09-18 4.3 MEDIUM 6.1 MEDIUM
JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user.
CVE-2019-12841 1 Jetbrains 1 Teamcity 2019-07-09 5.0 MEDIUM 7.5 HIGH
Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. The issue was fixed in TeamCity 2018.2.2.
CVE-2019-12842 1 Jetbrains 1 Teamcity 2019-07-05 4.3 MEDIUM 6.1 MEDIUM
A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.2.
CVE-2014-10036 1 Jetbrains 1 Teamcity 2017-09-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html.
CVE-2014-10002 1 Jetbrains 1 Teamcity 2015-01-13 5.0 MEDIUM N/A
Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors.