Vulnerabilities > Jetbrains > Teamcity

DATE CVE VULNERABILITY TITLE RISK
2023-05-31 CVE-2023-34224 Open Redirect vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible
network
low complexity
jetbrains CWE-601
4.8
2023-05-31 CVE-2023-34225 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible
network
low complexity
jetbrains CWE-79
5.4
2023-05-31 CVE-2023-34226 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible
network
low complexity
jetbrains CWE-79
6.1
2023-05-31 CVE-2023-34227 Exposed Dangerous Method or Function vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks
network
low complexity
jetbrains CWE-749
7.5
2023-05-31 CVE-2023-34228 Use of Single-factor Authentication vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions
network
low complexity
jetbrains CWE-308
6.5
2023-05-31 CVE-2023-34229 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible
network
low complexity
jetbrains CWE-79
5.4
2023-03-27 CVE-2022-48427 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was possible
network
low complexity
jetbrains CWE-79
5.4
2023-03-27 CVE-2022-48428 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible
network
low complexity
jetbrains CWE-79
5.4
2023-03-27 CVE-2022-48426 Cross-site Scripting vulnerability in Jetbrains Teamcity 2022.10.3
In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible
network
low complexity
jetbrains CWE-79
5.4
2023-02-23 CVE-2022-48342 Insecure Default Initialization of Resource vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.
network
low complexity
jetbrains CWE-1188
critical
9.8