) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): teamcity
- Search Type: Search All
- CPE Name Search: false
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2025-46618 |
In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab Published: April 25, 2025; 11:15:40 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-46433 |
In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible Published: April 25, 2025; 11:15:40 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-46432 |
In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs Published: April 25, 2025; 11:15:40 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-31141 |
In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page Published: March 27, 2025; 8:15:15 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-31140 |
In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page Published: March 27, 2025; 8:15:14 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-31139 |
In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log Published: March 27, 2025; 8:15:14 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-26493 |
In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab Published: February 11, 2025; 9:15:31 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-26492 |
In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources Published: February 11, 2025; 9:15:31 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-24461 |
In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint Published: January 21, 2025; 1:15:19 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
| CVE-2025-24460 |
In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool Published: January 21, 2025; 1:15:19 PM -0500 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |
| CVE-2025-24459 |
In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page Published: January 21, 2025; 1:15:18 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2024-56356 |
In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack Published: December 20, 2024; 10:15:09 AM -0500 |
V4.0:(not available) V3.1: 7.1 HIGH V2.0:(not available) |
| CVE-2024-56355 |
In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS Published: December 20, 2024; 10:15:09 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2024-56354 |
In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission Published: December 20, 2024; 10:15:09 AM -0500 |
V4.0:(not available) V3.1: 4.9 MEDIUM V2.0:(not available) |
| CVE-2024-56353 |
In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies Published: December 20, 2024; 10:15:09 AM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
| CVE-2024-56352 |
In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page Published: December 20, 2024; 10:15:08 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2024-56351 |
In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles Published: December 20, 2024; 10:15:08 AM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2024-56350 |
In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects Published: December 20, 2024; 10:15:08 AM -0500 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |
| CVE-2024-56349 |
In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs Published: December 20, 2024; 10:15:08 AM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0:(not available) |
| CVE-2024-56348 |
In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents Published: December 20, 2024; 10:15:05 AM -0500 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |