Vulnerabilities > Jetbrains > Teamcity > 2020.1.1

DATE CVE VULNERABILITY TITLE RISK
2025-04-25 CVE-2025-46432 Information Exposure Through Log Files vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs
network
low complexity
jetbrains CWE-532
6.5
6.5
2025-04-25 CVE-2025-46433 Relative Path Traversal vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible
network
low complexity
jetbrains CWE-23
critical
 9.8
9.8
2025-04-25 CVE-2025-46618 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab
network
low complexity
jetbrains CWE-79
6.1
6.1
2025-03-27 CVE-2025-31139 Information Exposure Through Log Files vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log
network
low complexity
jetbrains CWE-532
6.5
6.5
2025-03-27 CVE-2025-31140 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page
network
low complexity
jetbrains CWE-79
6.1
6.1
2025-03-27 CVE-2025-31141 Information Exposure Through an Error Message vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page
network
low complexity
jetbrains CWE-209
7.5
7.5
2025-02-11 CVE-2025-26492 Insufficiently Protected Credentials vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources
network
low complexity
jetbrains CWE-522
critical
 9.1
9.1
2025-02-11 CVE-2025-26493 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab
network
low complexity
jetbrains CWE-79
6.1
6.1
2025-01-21 CVE-2025-24459 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page
network
low complexity
jetbrains CWE-79
6.1
6.1
2025-01-21 CVE-2025-24460 Incorrect Authorization vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool
network
low complexity
jetbrains CWE-863
4.3
4.3