Teamcity CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (254 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-24338	1 Jetbrains	1 Teamcity	2024-11-21	6.1 Medium
JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.
CVE-2022-24337	1 Jetbrains	1 Teamcity	2024-11-21	6.5 Medium
In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.
CVE-2022-24336	1 Jetbrains	1 Teamcity	2024-11-21	5.3 Medium
In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.
CVE-2022-24335	1 Jetbrains	1 Teamcity	2024-11-21	8.1 High
JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC.
CVE-2022-24334	1 Jetbrains	1 Teamcity	2024-11-21	5.3 Medium
In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server.
CVE-2022-24333	1 Jetbrains	1 Teamcity	2024-11-21	6.5 Medium
In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.
CVE-2022-24332	1 Jetbrains	1 Teamcity	2024-11-21	5.3 Medium
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.
CVE-2022-24331	1 Jetbrains	1 Teamcity	2024-11-21	9.8 Critical
In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.
CVE-2022-24330	1 Jetbrains	1 Teamcity	2024-11-21	6.1 Medium
In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.
CVE-2021-43202	1 Jetbrains	1 Teamcity	2024-11-21	9.8 Critical
In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.
CVE-2021-43201	1 Jetbrains	1 Teamcity	2024-11-21	5.3 Medium
In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project.
CVE-2021-43200	1 Jetbrains	1 Teamcity	2024-11-21	9.8 Critical
In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient.
CVE-2021-43199	1 Jetbrains	1 Teamcity	2024-11-21	5.3 Medium
In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient.
CVE-2021-43198	1 Jetbrains	1 Teamcity	2024-11-21	5.4 Medium
In JetBrains TeamCity before 2021.1.2, stored XSS is possible.
CVE-2021-43197	1 Jetbrains	1 Teamcity	2024-11-21	6.1 Medium
In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS.
CVE-2021-43196	1 Jetbrains	1 Teamcity	2024-11-21	7.5 High
In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible.
CVE-2021-43195	1 Jetbrains	1 Teamcity	2024-11-21	5.3 Medium
In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing.
CVE-2021-43194	1 Jetbrains	1 Teamcity	2024-11-21	5.3 Medium
In JetBrains TeamCity before 2021.1.2, user enumeration was possible.
CVE-2021-43193	1 Jetbrains	1 Teamcity	2024-11-21	9.8 Critical
In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.
CVE-2021-3315	1 Jetbrains	1 Teamcity	2024-11-21	5.4 Medium
In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible.

« first previous Page 9 of 13. next last »