Vulnerabilities > Jetbrains > Teamcity > High

DATE CVE VULNERABILITY TITLE RISK
2022-07-20 CVE-2022-36322 Argument Injection or Modification vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.04.2 build parameter injection was possible
network
low complexity
jetbrains CWE-88
8.8
2022-02-25 CVE-2022-25264 Insecure Storage of Sensitive Information vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.
network
low complexity
jetbrains CWE-922
7.5
2022-02-25 CVE-2022-24335 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC.
network
high complexity
jetbrains CWE-367
8.1
2022-02-25 CVE-2022-24341 Insufficient Session Expiration vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user.
network
low complexity
jetbrains CWE-613
7.5
2022-02-25 CVE-2022-24342 Cross-Site Request Forgery (CSRF) vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible.
network
low complexity
jetbrains CWE-352
8.8
2021-11-09 CVE-2021-43196 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible.
network
low complexity
jetbrains
7.5
2021-08-06 CVE-2021-37545 Improper Authentication vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made.
network
low complexity
jetbrains CWE-287
7.5
2021-08-06 CVE-2021-37548 Cleartext Storage of Sensitive Information vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS.
network
low complexity
jetbrains CWE-312
7.5
2021-05-11 CVE-2021-31910 Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible.
network
low complexity
jetbrains CWE-918
7.5
2021-05-11 CVE-2021-31912 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset.
network
low complexity
jetbrains CWE-640
8.8