) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:jetbrains:teamcity:9.1.4:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2021-31912 |
In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset. Published: May 11, 2021; 9:15:12 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2021-31911 |
In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages. Published: May 11, 2021; 9:15:12 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2021-31910 |
In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible. Published: May 11, 2021; 9:15:12 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2021-3315 |
In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible. Published: May 11, 2021; 8:15:08 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2021-31909 |
In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible. Published: May 11, 2021; 8:15:08 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2021-31908 |
In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages. Published: May 11, 2021; 8:15:08 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2021-31907 |
In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly. Published: May 11, 2021; 8:15:08 AM -0400 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
| CVE-2021-31906 |
In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file. Published: May 11, 2021; 8:15:07 AM -0400 |
V4.0:(not available) V3.1: 2.7 LOW V2.0: 4.0 MEDIUM |
| CVE-2021-31904 |
In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page. Published: May 11, 2021; 8:15:07 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2021-25778 |
In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly. Published: February 03, 2021; 11:15:15 AM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
| CVE-2021-25777 |
In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly. Published: February 03, 2021; 11:15:15 AM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
| CVE-2021-25776 |
In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters. Published: February 03, 2021; 11:15:15 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2021-25775 |
In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users. Published: February 03, 2021; 11:15:15 AM -0500 |
V4.0:(not available) V3.1: 3.8 LOW V2.0: 5.5 MEDIUM |
| CVE-2021-25774 |
In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user. Published: February 03, 2021; 11:15:15 AM -0500 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2021-25773 |
JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages. Published: February 03, 2021; 11:15:15 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2021-25772 |
In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration. Published: February 03, 2021; 11:15:15 AM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
| CVE-2020-35667 |
JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials. Published: February 03, 2021; 11:15:14 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2020-27627 |
JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection. Published: November 16, 2020; 11:15:15 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
| CVE-2020-27629 |
In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts. Published: November 16, 2020; 10:15:13 AM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
| CVE-2020-27628 |
In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records. Published: November 16, 2020; 10:15:13 AM -0500 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |