) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:jetbrains:teamcity:2020.2:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2025-47854 |
In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page Published: May 20, 2025; 2:15:47 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2025-47853 |
In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible Published: May 20, 2025; 2:15:47 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2025-47852 |
In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible Published: May 20, 2025; 2:15:47 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2025-47851 |
In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible Published: May 20, 2025; 2:15:47 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2025-46618 |
In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab Published: April 25, 2025; 11:15:40 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2025-46433 |
In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible Published: April 25, 2025; 11:15:40 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
| CVE-2025-46432 |
In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs Published: April 25, 2025; 11:15:40 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
| CVE-2025-31141 |
In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page Published: March 27, 2025; 8:15:15 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2025-31140 |
In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page Published: March 27, 2025; 8:15:14 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2025-31139 |
In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log Published: March 27, 2025; 8:15:14 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
| CVE-2025-26493 |
In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab Published: February 11, 2025; 9:15:31 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2025-26492 |
In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources Published: February 11, 2025; 9:15:31 AM -0500 |
V4.0:(not available) V3.1: 9.1 CRITICAL V2.0:(not available) |
| CVE-2025-24460 |
In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool Published: January 21, 2025; 1:15:19 PM -0500 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |
| CVE-2025-24459 |
In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page Published: January 21, 2025; 1:15:18 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2024-56356 |
In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack Published: December 20, 2024; 10:15:09 AM -0500 |
V4.0:(not available) V3.1: 7.1 HIGH V2.0:(not available) |
| CVE-2024-56355 |
In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS Published: December 20, 2024; 10:15:09 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2024-56354 |
In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission Published: December 20, 2024; 10:15:09 AM -0500 |
V4.0:(not available) V3.1: 4.9 MEDIUM V2.0:(not available) |
| CVE-2024-56353 |
In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies Published: December 20, 2024; 10:15:09 AM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
| CVE-2024-56352 |
In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page Published: December 20, 2024; 10:15:08 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2024-56351 |
In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles Published: December 20, 2024; 10:15:08 AM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |