Vulnerabilities > Jetbrains > Teamcity > High

DATE CVE VULNERABILITY TITLE RISK
2023-07-25 CVE-2023-39173 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access
network
low complexity
jetbrains
8.8
2023-07-25 CVE-2023-39174 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers
network
low complexity
jetbrains
7.5
2023-05-31 CVE-2023-34227 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks
network
low complexity
jetbrains
7.5
2022-11-03 CVE-2022-44623 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings
network
low complexity
jetbrains
7.5
2022-11-03 CVE-2022-44624 Information Exposure Through Log Files vulnerability in Jetbrains Teamcity
In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters
network
low complexity
jetbrains CWE-532
7.5
2022-07-20 CVE-2022-36322 Argument Injection or Modification vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.04.2 build parameter injection was possible
network
low complexity
jetbrains CWE-88
8.8
2022-02-25 CVE-2022-25264 Insecure Storage of Sensitive Information vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.
network
low complexity
jetbrains CWE-922
7.5
2022-02-25 CVE-2022-24335 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC.
network
high complexity
jetbrains CWE-367
8.1
2022-02-25 CVE-2022-24341 Insufficient Session Expiration vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user.
network
low complexity
jetbrains CWE-613
7.5
2022-02-25 CVE-2022-24342 Cross-Site Request Forgery (CSRF) vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible.
network
low complexity
jetbrains CWE-352
8.8