Vulnerabilities > Jetbrains > Teamcity > 2018.1.3

DATE CVE VULNERABILITY TITLE RISK
2022-02-25 CVE-2022-24336 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.
network
low complexity
jetbrains
5.3
5.3
2022-02-25 CVE-2022-24337 Incorrect Default Permissions vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.
network
low complexity
jetbrains CWE-276
6.5
6.5
2022-02-25 CVE-2022-24338 Cross-site Scripting vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.
network
low complexity
jetbrains CWE-79
6.1
6.1
2022-02-25 CVE-2022-24339 Cross-site Scripting vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.
network
low complexity
jetbrains CWE-79
5.4
5.4
2022-02-25 CVE-2022-24340 XXE vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.
network
low complexity
jetbrains CWE-611
critical
 9.8
9.8
2022-02-25 CVE-2022-24341 Insufficient Session Expiration vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user.
network
low complexity
jetbrains CWE-613
7.5
7.5
2022-02-25 CVE-2022-24342 Cross-Site Request Forgery (CSRF) vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible.
network
low complexity
jetbrains CWE-352
8.8
8.8
2021-11-30 CVE-2021-43202 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.
network
low complexity
jetbrains
critical
 9.8
9.8
2021-11-09 CVE-2021-43193 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.
network
low complexity
jetbrains
critical
 9.8
9.8
2021-11-09 CVE-2021-43194 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1.2, user enumeration was possible.
network
low complexity
jetbrains
5.3
5.3