Vulnerabilities > Jetbrains > Teamcity

DATE CVE VULNERABILITY TITLE RISK
2022-02-25 CVE-2022-25264 Insecure Storage of Sensitive Information vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.
network
low complexity
jetbrains CWE-922
5.0
2022-02-25 CVE-2022-24330 Open Redirect vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.
network
jetbrains CWE-601
5.8
2022-02-25 CVE-2022-24331 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.
network
low complexity
jetbrains
critical
9.8
2022-02-25 CVE-2022-24332 Insufficient Session Expiration vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.
network
low complexity
jetbrains CWE-613
5.0
2022-02-25 CVE-2022-24333 Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.
network
low complexity
jetbrains CWE-918
4.0
2022-02-25 CVE-2022-24334 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server.
network
low complexity
jetbrains
5.0
2022-02-25 CVE-2022-24335 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC.
network
jetbrains CWE-367
6.8
2022-02-25 CVE-2022-24336 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.
network
low complexity
jetbrains
5.3
2022-02-25 CVE-2022-24337 Incorrect Default Permissions vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.
network
low complexity
jetbrains CWE-276
4.0
2022-02-25 CVE-2022-24338 Cross-site Scripting vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.
network
jetbrains CWE-79
4.3