Vulnerabilities > Jetbrains > Teamcity > 2023.05.2

DATE CVE VULNERABILITY TITLE RISK
2024-05-16 CVE-2024-35302 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible
network
low complexity
jetbrains CWE-79
6.1
6.1
2024-03-28 CVE-2024-31134 Incorrect Authorization vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled
network
low complexity
jetbrains CWE-863
6.5
6.5
2024-03-28 CVE-2024-31136 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter
network
high complexity
jetbrains
7.4
7.4
2024-03-28 CVE-2024-31139 XXE vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector
network
low complexity
jetbrains CWE-611
8.1
8.1
2024-03-28 CVE-2024-31140 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools
network
low complexity
jetbrains
4.9
4.9
2024-03-21 CVE-2024-29880 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process
local
low complexity
jetbrains
7.8
7.8
2024-03-06 CVE-2024-28174 Incorrect Authorization vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly
network
low complexity
jetbrains CWE-863
5.8
5.8
2024-03-04 CVE-2024-27199 Path Traversal vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
network
low complexity
jetbrains CWE-22
7.3
7.3
2023-09-19 CVE-2023-42793 Missing Authentication for Critical Function vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
network
low complexity
jetbrains CWE-306
critical
 9.8
9.8