Vulnerabilities > Jetbrains > Teamcity

DATE CVE VULNERABILITY TITLE RISK
2022-02-25 CVE-2022-24332 Insufficient Session Expiration vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.
network
low complexity
jetbrains CWE-613
5.3
5.3
2022-02-25 CVE-2022-24333 Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.
network
low complexity
jetbrains CWE-918
6.5
6.5
2022-02-25 CVE-2022-24334 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server.
network
low complexity
jetbrains
5.3
5.3
2022-02-25 CVE-2022-24335 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC.
network
high complexity
jetbrains CWE-367
8.1
8.1
2022-02-25 CVE-2022-24336 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.
network
low complexity
jetbrains
5.3
5.3
2022-02-25 CVE-2022-24337 Incorrect Default Permissions vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.
network
low complexity
jetbrains CWE-276
6.5
6.5
2022-02-25 CVE-2022-24338 Cross-site Scripting vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.
network
low complexity
jetbrains CWE-79
6.1
6.1
2022-02-25 CVE-2022-24339 Cross-site Scripting vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.
network
low complexity
jetbrains CWE-79
5.4
5.4
2022-02-25 CVE-2022-24340 XXE vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.
network
low complexity
jetbrains CWE-611
critical
 9.8
9.8
2022-02-25 CVE-2022-24341 Insufficient Session Expiration vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user.
network
low complexity
jetbrains CWE-613
7.5
7.5