Vulnerabilities > Jetbrains > Teamcity > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-15 | CVE-2023-50870 | Cross-Site Request Forgery (CSRF) vulnerability in JetBrains TeamCity. In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible | 8.8 |
2023-07-25 | CVE-2023-39173 | Incorrect Privilege Assignment vulnerability in JetBrains TeamCity. In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access | 8.8 |
2023-07-25 | CVE-2023-39174 | Unspecified vulnerability in JetBrains TeamCity. In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers | 7.5 |
2023-05-31 | CVE-2023-34227 | Exposed Dangerous Method or Function vulnerability in JetBrains TeamCity. In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks | 7.5 |
2022-11-03 | CVE-2022-44623 | Unspecified vulnerability in JetBrains TeamCity. In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings | 7.5 |
2022-11-03 | CVE-2022-44624 | Information Exposure Through Log Files vulnerability in JetBrains TeamCity. In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters | 7.5 |
2022-02-25 | CVE-2022-25263 | OS Command Injection vulnerability in JetBrains TeamCity. JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration. | 7.5 |
2022-02-25 | CVE-2022-24340 | XXE vulnerability in JetBrains TeamCity. In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible. | 7.5 |
2021-11-30 | CVE-2021-43202 | Unspecified vulnerability in JetBrains TeamCity. In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases. | 7.5 |
2021-11-09 | CVE-2021-43193 | Unspecified vulnerability in JetBrains TeamCity. In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible. | 7.5 |