Vulnerabilities > Jetbrains > Teamcity > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-07-12 CVE-2023-38066 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads
network
low complexity
jetbrains CWE-79
6.1
2023-07-12 CVE-2023-38067 Information Exposure Through Log Files vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log
network
low complexity
jetbrains CWE-532
6.5
2023-06-29 CVE-2015-1313 Forced Browsing vulnerability in Jetbrains Teamcity
JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.
network
low complexity
jetbrains CWE-425
6.5
2023-05-31 CVE-2023-34219 Incorrect Authorization vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API
network
low complexity
jetbrains CWE-863
4.3
2023-05-31 CVE-2023-34220 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible
network
low complexity
jetbrains CWE-79
5.4
2023-05-31 CVE-2023-34221 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible
network
low complexity
jetbrains CWE-79
5.4
2023-05-31 CVE-2023-34222 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible
network
low complexity
jetbrains CWE-79
6.1
2023-05-31 CVE-2023-34223 Information Exposure Through Log Files vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases
network
low complexity
jetbrains CWE-532
5.3
2023-05-31 CVE-2023-34224 Open Redirect vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible
network
low complexity
jetbrains CWE-601
4.8
2023-05-31 CVE-2023-34225 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible
network
low complexity
jetbrains CWE-79
5.4