Vulnerabilities > Jetbrains > Teamcity
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-08 | CVE-2022-46831 | Insecure Default Initialization of Resource vulnerability in Jetbrains Teamcity 2022.10 In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators. | 4.9 |
| 2022-11-03 | CVE-2022-44622 | Unspecified vulnerability in Jetbrains Teamcity 2021.2/2022.04/2022.04.2 In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive | 5.3 |
| 2022-11-03 | CVE-2022-44623 | Unspecified vulnerability in Jetbrains Teamcity In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings | 7.5 |
| 2022-11-03 | CVE-2022-44624 | Information Exposure Through Log Files vulnerability in Jetbrains Teamcity In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters | 7.5 |
| 2022-11-03 | CVE-2022-44646 | Unspecified vulnerability in Jetbrains Teamcity In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings | 5.3 |
| 2022-05-12 | CVE-2022-29927 | Cross-site Scripting vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible | 4.3 |
| 2022-05-12 | CVE-2022-29928 | Information Exposure Through Log Files vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible | 4.0 |
| 2022-05-12 | CVE-2022-29929 | Cross-site Scripting vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible | 4.3 |
| 2022-02-25 | CVE-2022-25261 | Cross-site Scripting vulnerability in Jetbrains Teamcity JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS. | 4.3 |
| 2022-02-25 | CVE-2022-25263 | OS Command Injection vulnerability in Jetbrains Teamcity JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration. | 7.5 |