Vulnerabilities > Jetbrains > Teamcity > 3.1

DATE CVE VULNERABILITY TITLE RISK
2022-02-25 CVE-2022-24334 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server.
network
low complexity
jetbrains
5.3
5.3
2022-02-25 CVE-2022-24335 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC.
network
high complexity
jetbrains CWE-367
8.1
8.1
2022-02-25 CVE-2022-24336 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.
network
low complexity
jetbrains
5.3
5.3
2022-02-25 CVE-2022-24337 Incorrect Default Permissions vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.
network
low complexity
jetbrains CWE-276
6.5
6.5
2022-02-25 CVE-2022-24338 Cross-site Scripting vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.
network
low complexity
jetbrains CWE-79
6.1
6.1
2022-02-25 CVE-2022-24339 Cross-site Scripting vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.
network
low complexity
jetbrains CWE-79
5.4
5.4
2022-02-25 CVE-2022-24340 XXE vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.
network
low complexity
jetbrains CWE-611
critical
 9.8
9.8
2022-02-25 CVE-2022-24341 Insufficient Session Expiration vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user.
network
low complexity
jetbrains CWE-613
7.5
7.5
2022-02-25 CVE-2022-24342 Cross-Site Request Forgery (CSRF) vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible.
network
low complexity
jetbrains CWE-352
8.8
8.8
2021-11-30 CVE-2021-43202 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.
network
low complexity
jetbrains
critical
 9.8
9.8