In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS

In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission

In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies

In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page

In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles

In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects

In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs

In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents

In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings

In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings

In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location

In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups

In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API

In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin

In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page

In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin

In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page

In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions

In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection

In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time