U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:jetbrains:teamcity:9.1.4:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 206 matching records.
Displaying matches 181 through 200.
Vuln ID Summary CVSS Severity
CVE-2020-15831

JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI.

Published: August 08, 2020; 5:15:11 PM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-15830

JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI.

Published: August 08, 2020; 5:15:11 PM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-15829

In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs.

Published: August 08, 2020; 5:15:11 PM -0400 		V4.0:(not available)
 V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2020-15828

In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions.

Published: August 08, 2020; 5:15:11 PM -0400 		V4.0:(not available)
 V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-15826

In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have.

Published: August 08, 2020; 5:15:11 PM -0400 		V4.0:(not available)
 V3.1: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-15825

In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.

Published: August 08, 2020; 5:15:11 PM -0400 		V4.0:(not available)
 V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-11689

In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.

Published: April 22, 2020; 10:15:12 AM -0400 		V4.0:(not available)
 V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-11688

In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.

Published: April 22, 2020; 10:15:12 AM -0400 		V4.0:(not available)
 V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-11687

In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.

Published: April 22, 2020; 10:15:12 AM -0400 		V4.0:(not available)
 V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-11686

In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings.

Published: April 22, 2020; 10:15:12 AM -0400 		V4.0:(not available)
 V3.1: 2.7 LOW
V2.0: 4.0 MEDIUM
CVE-2020-7911

In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS.

Published: January 30, 2020; 1:15:12 PM -0500 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-7910

JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.

Published: January 30, 2020; 1:15:12 PM -0500 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-7909

In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.

Published: January 30, 2020; 1:15:11 PM -0500 		V4.0:(not available)
 V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-7908

In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages.

Published: January 30, 2020; 1:15:11 PM -0500 		V4.0:(not available)
 V3.1: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-18367

In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.

Published: October 31, 2019; 12:15:11 PM -0400 		V4.0:(not available)
 V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2019-18366

In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.

Published: October 31, 2019; 12:15:10 PM -0400 		V4.0:(not available)
 V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2019-18365

In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages.

Published: October 31, 2019; 12:15:10 PM -0400 		V4.0:(not available)
 V3.1: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-18364

In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.

Published: October 31, 2019; 11:15:11 AM -0400 		V4.0:(not available)
 V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2019-18363

In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances.

Published: October 31, 2019; 11:15:11 AM -0400 		V4.0:(not available)
 V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2019-12157

In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.

Published: October 02, 2019; 3:15:11 PM -0400 		V4.0:(not available)
 V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH