Vulnerabilities > Jetbrains > Teamcity > 2020.2.85695

DATE CVE VULNERABILITY TITLE RISK
2025-02-11 CVE-2025-26492 Insufficiently Protected Credentials vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources
network
low complexity
jetbrains CWE-522
critical
 9.1
9.1
2025-02-11 CVE-2025-26493 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab
network
low complexity
jetbrains CWE-79
6.1
6.1
2025-01-21 CVE-2025-24459 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page
network
low complexity
jetbrains CWE-79
6.1
6.1
2025-01-21 CVE-2025-24460 Incorrect Authorization vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool
network
low complexity
jetbrains CWE-863
4.3
4.3
2024-12-20 CVE-2024-56348 Incorrect Authorization vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents
network
low complexity
jetbrains CWE-863
4.3
4.3
2024-12-20 CVE-2024-56349 Missing Authorization vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs
network
low complexity
jetbrains CWE-862
5.3
5.3
2024-12-20 CVE-2024-56350 Incorrect Authorization vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects
network
low complexity
jetbrains CWE-863
4.3
4.3
2024-12-20 CVE-2024-56351 Insufficient Session Expiration vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles
network
low complexity
jetbrains CWE-613
8.8
8.8
2024-12-20 CVE-2024-56352 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page
network
low complexity
jetbrains CWE-79
5.4
5.4
2024-12-20 CVE-2024-56353 Improper Cross-boundary Removal of Sensitive Data vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies
network
low complexity
jetbrains CWE-212
6.5
6.5