Vulnerabilities > Jetbrains > Teamcity > 4.0.2

DATE CVE VULNERABILITY TITLE RISK
2022-05-12 CVE-2022-29927 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible
network
low complexity
jetbrains CWE-79
6.1
6.1
2022-05-12 CVE-2022-29928 Information Exposure Through Log Files vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible
network
low complexity
jetbrains CWE-532
4.9
4.9
2022-05-12 CVE-2022-29929 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible
network
low complexity
jetbrains CWE-79
6.1
6.1
2022-02-25 CVE-2022-25261 Cross-site Scripting vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS.
network
low complexity
jetbrains CWE-79
6.1
6.1
2022-02-25 CVE-2022-25263 OS Command Injection vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration.
network
low complexity
jetbrains CWE-78
critical
 9.8
9.8
2022-02-25 CVE-2022-25264 Insecure Storage of Sensitive Information vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.
network
low complexity
jetbrains CWE-922
7.5
7.5
2022-02-25 CVE-2022-24330 Open Redirect vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.
network
low complexity
jetbrains CWE-601
6.1
6.1
2022-02-25 CVE-2022-24331 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.
network
low complexity
jetbrains
critical
 9.8
9.8
2022-02-25 CVE-2022-24332 Insufficient Session Expiration vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.
network
low complexity
jetbrains CWE-613
5.3
5.3
2022-02-25 CVE-2022-24333 Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.
network
low complexity
jetbrains CWE-918
6.5
6.5