Vulnerabilities > Jetbrains > Teamcity > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-05-29 CVE-2024-36370 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was possible
network
low complexity
jetbrains CWE-79
5.4
2024-05-16 CVE-2024-35300 Cross-site Scripting vulnerability in Jetbrains Teamcity 2024.03
In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible
network
low complexity
jetbrains CWE-79
6.1
2024-05-16 CVE-2024-35301 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token
network
low complexity
jetbrains
5.5
2024-05-16 CVE-2024-35302 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible
network
low complexity
jetbrains CWE-79
6.1
2024-03-28 CVE-2024-31134 Incorrect Authorization vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled
network
low complexity
jetbrains CWE-863
6.5
2024-03-28 CVE-2024-31135 Open Redirect vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.03 open redirect was possible on the login page
network
low complexity
jetbrains CWE-601
6.1
2024-03-28 CVE-2024-31137 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration
network
low complexity
jetbrains CWE-79
6.1
2024-03-28 CVE-2024-31138 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings
network
low complexity
jetbrains CWE-79
5.4
2024-03-28 CVE-2024-31140 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools
network
low complexity
jetbrains
4.9
2024-03-06 CVE-2024-28173 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed
network
low complexity
jetbrains
4.3