Vulnerabilities > Jetbrains > Teamcity > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-15 CVE-2023-50870 Cross-Site Request Forgery (CSRF) vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible
network
low complexity
jetbrains CWE-352
8.8
8.8
2023-07-25 CVE-2023-39173 Incorrect Privilege Assignment vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access
network
low complexity
jetbrains CWE-266
8.8
8.8
2023-07-25 CVE-2023-39174 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers
network
low complexity
jetbrains
7.5
7.5
2023-05-31 CVE-2023-34227 Exposed Dangerous Method or Function vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks
network
low complexity
jetbrains CWE-749
7.5
7.5
2022-11-03 CVE-2022-44623 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings
network
low complexity
jetbrains
7.5
7.5
2022-11-03 CVE-2022-44624 Information Exposure Through Log Files vulnerability in Jetbrains Teamcity
In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters
network
low complexity
jetbrains CWE-532
7.5
7.5
2022-02-25 CVE-2022-25263 OS Command Injection vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration.
network
low complexity
jetbrains CWE-78
7.5
7.5
2022-02-25 CVE-2022-24340 XXE vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.
network
low complexity
jetbrains CWE-611
7.5
7.5
2021-11-30 CVE-2021-43202 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.
network
low complexity
jetbrains
7.5
7.5
2021-11-09 CVE-2021-43193 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.
network
low complexity
jetbrains
7.5
7.5