Vulnerabilities > Jetbrains > Teamcity

DATE CVE VULNERABILITY TITLE RISK
2024-03-28 CVE-2024-31134 Incorrect Authorization vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled
network
low complexity
jetbrains CWE-863
6.5
2024-03-28 CVE-2024-31135 Open Redirect vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.03 open redirect was possible on the login page
network
low complexity
jetbrains CWE-601
6.1
2024-03-28 CVE-2024-31136 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter
network
high complexity
jetbrains
7.4
2024-03-28 CVE-2024-31137 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration
network
low complexity
jetbrains CWE-79
6.1
2024-03-28 CVE-2024-31138 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings
network
low complexity
jetbrains CWE-79
5.4
2024-03-28 CVE-2024-31139 XXE vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector
network
low complexity
jetbrains CWE-611
8.1
2024-03-28 CVE-2024-31140 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools
network
low complexity
jetbrains
4.9
2024-03-21 CVE-2024-29880 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process
local
low complexity
jetbrains
7.8
2024-03-06 CVE-2024-28173 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed
network
low complexity
jetbrains
4.3
2024-03-06 CVE-2024-28174 Incorrect Authorization vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly
network
low complexity
jetbrains CWE-863
5.8