Vulnerabilities > Jetbrains > Teamcity

DATE CVE VULNERABILITY TITLE RISK
2022-02-25 CVE-2022-24339 Cross-site Scripting vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.
network
jetbrains CWE-79
3.5
2022-02-25 CVE-2022-24340 XXE vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.
network
low complexity
jetbrains CWE-611
7.5
2022-02-25 CVE-2022-24341 Insufficient Session Expiration vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user.
network
low complexity
jetbrains CWE-613
5.0
2022-02-25 CVE-2022-24342 Cross-Site Request Forgery (CSRF) vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible.
network
jetbrains CWE-352
6.8
2021-11-30 CVE-2021-43202 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.
network
low complexity
jetbrains
7.5
2021-11-09 CVE-2021-43193 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.
network
low complexity
jetbrains
7.5
2021-11-09 CVE-2021-43194 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1.2, user enumeration was possible.
network
low complexity
jetbrains
5.0
2021-11-09 CVE-2021-43195 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing.
network
low complexity
jetbrains
5.0
2021-11-09 CVE-2021-43196 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible.
network
low complexity
jetbrains
5.0
2021-11-09 CVE-2021-43197 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS.
network
jetbrains CWE-79
4.3