Vulnerabilities > Jetbrains > Teamcity

DATE CVE VULNERABILITY TITLE RISK
2023-05-31 CVE-2023-34224 Open Redirect vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible
network
low complexity
jetbrains CWE-601
4.8
4.8
2023-05-31 CVE-2023-34225 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible
network
low complexity
jetbrains CWE-79
5.4
5.4
2023-05-31 CVE-2023-34226 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible
network
low complexity
jetbrains CWE-79
6.1
6.1
2023-05-31 CVE-2023-34227 Exposed Dangerous Method or Function vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks
network
low complexity
jetbrains CWE-749
7.5
7.5
2023-05-31 CVE-2023-34228 Use of Single-factor Authentication vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions
network
low complexity
jetbrains CWE-308
6.5
6.5
2023-05-31 CVE-2023-34229 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible
network
low complexity
jetbrains CWE-79
5.4
5.4
2023-02-23 CVE-2022-48342 Insecure Default Initialization of Resource vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.
network
low complexity
jetbrains CWE-1188
critical
 9.8
9.8
2023-02-23 CVE-2022-48343 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.
network
low complexity
jetbrains CWE-79
6.1
6.1
2023-02-23 CVE-2022-48344 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.
network
low complexity
jetbrains CWE-79
6.1
6.1
2022-12-08 CVE-2022-46830 Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Teamcity 2022.10
In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.
network
low complexity
jetbrains CWE-918
5.3
5.3