Vulnerabilities > Jetbrains > Teamcity > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-02-25 CVE-2022-24338 Cross-site Scripting vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.
network
low complexity
jetbrains CWE-79
6.1
2022-02-25 CVE-2022-24339 Cross-site Scripting vulnerability in Jetbrains Teamcity
JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.
network
low complexity
jetbrains CWE-79
5.4
2021-11-09 CVE-2021-43194 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1.2, user enumeration was possible.
network
low complexity
jetbrains
5.3
2021-11-09 CVE-2021-43195 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing.
network
low complexity
jetbrains
5.3
2021-11-09 CVE-2021-43197 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS.
network
low complexity
jetbrains CWE-79
6.1
2021-11-09 CVE-2021-43198 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1.2, stored XSS is possible.
network
low complexity
jetbrains CWE-79
5.4
2021-11-09 CVE-2021-43199 Incorrect Default Permissions vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient.
network
low complexity
jetbrains CWE-276
5.3
2021-11-09 CVE-2021-43201 Unspecified vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project.
network
low complexity
jetbrains
5.3
2021-08-06 CVE-2021-37542 Cross-site Scripting vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2020.2.3, XSS was possible.
network
low complexity
jetbrains CWE-79
6.1
2021-08-06 CVE-2021-37546 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used.
network
low complexity
jetbrains CWE-327
5.3