) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:jetbrains:teamcity:9.1.4:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2024-36365 |
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a third-party agent could impersonate a cloud agent Published: May 29, 2024; 10:15:22 AM -0400 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0:(not available) |
| CVE-2024-36364 |
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible Published: May 29, 2024; 10:15:22 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
| CVE-2024-36363 |
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several Stored XSS in code inspection reports were possible Published: May 29, 2024; 10:15:22 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2024-36362 |
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal allowing to read files from server was possible Published: May 29, 2024; 10:15:22 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
| CVE-2024-35302 |
In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible Published: May 16, 2024; 7:15:48 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2024-35301 |
In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token Published: May 16, 2024; 7:15:47 AM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
| CVE-2024-31140 |
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools Published: March 28, 2024; 11:15:48 AM -0400 |
V4.0:(not available) V3.1: 4.9 MEDIUM V2.0:(not available) |
| CVE-2024-31139 |
In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector Published: March 28, 2024; 11:15:48 AM -0400 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0:(not available) |
| CVE-2024-31138 |
In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings Published: March 28, 2024; 11:15:47 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2024-31137 |
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration Published: March 28, 2024; 11:15:47 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2024-31136 |
In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter Published: March 28, 2024; 11:15:47 AM -0400 |
V4.0:(not available) V3.1: 7.4 HIGH V2.0:(not available) |
| CVE-2024-31135 |
In JetBrains TeamCity before 2024.03 open redirect was possible on the login page Published: March 28, 2024; 11:15:47 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2024-31134 |
In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled Published: March 28, 2024; 11:15:46 AM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
| CVE-2024-29880 |
In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process Published: March 21, 2024; 10:15:10 AM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
| CVE-2024-28174 |
In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly Published: March 06, 2024; 12:15:11 PM -0500 |
V4.0:(not available) V3.1: 5.8 MEDIUM V2.0:(not available) |
| CVE-2024-27199 |
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible Published: March 04, 2024; 1:15:09 PM -0500 |
V4.0:(not available) V3.1: 7.3 HIGH V2.0:(not available) |
| CVE-2024-27198 |
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible Published: March 04, 2024; 1:15:09 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
| CVE-2024-24942 |
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives Published: February 06, 2024; 5:15:11 AM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0:(not available) |
| CVE-2024-24938 |
In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation Published: February 06, 2024; 5:15:10 AM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0:(not available) |
| CVE-2024-24937 |
In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible Published: February 06, 2024; 5:15:09 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |