Vulnerabilities > Jetbrains > Teamcity > 10.0.5

DATE CVE VULNERABILITY TITLE RISK
2023-05-31 CVE-2023-34223 Information Exposure Through Log Files vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases
network
low complexity
jetbrains CWE-532
5.3
5.3
2023-05-31 CVE-2023-34224 Open Redirect vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible
network
low complexity
jetbrains CWE-601
4.8
4.8
2023-05-31 CVE-2023-34225 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible
network
low complexity
jetbrains CWE-79
5.4
5.4
2023-05-31 CVE-2023-34226 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible
network
low complexity
jetbrains CWE-79
6.1
6.1
2023-05-31 CVE-2023-34227 Exposed Dangerous Method or Function vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks
network
low complexity
jetbrains CWE-749
7.5
7.5
2023-05-31 CVE-2023-34228 Use of Single-factor Authentication vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions
network
low complexity
jetbrains CWE-308
6.5
6.5
2023-05-31 CVE-2023-34229 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible
network
low complexity
jetbrains CWE-79
5.4
5.4
2023-02-23 CVE-2022-48342 Insecure Default Initialization of Resource vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.
network
low complexity
jetbrains CWE-1188
critical
 9.8
9.8
2023-02-23 CVE-2022-48343 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.
network
low complexity
jetbrains CWE-79
6.1
6.1
2023-02-23 CVE-2022-48344 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.
network
low complexity
jetbrains CWE-79
6.1
6.1