Name |
Description |
CVE-2024-47951 |
In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings
|
CVE-2024-47950 |
In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings
|
CVE-2024-47949 |
In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location
|
CVE-2024-47948 |
In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups
|
CVE-2024-47161 |
In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API
|
CVE-2024-43810 |
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin
|
CVE-2024-43809 |
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page
|
CVE-2024-43808 |
In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin
|
CVE-2024-43807 |
In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page
|
CVE-2024-43114 |
In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions
|
CVE-2024-41829 |
In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection
|
CVE-2024-41828 |
In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time
|
CVE-2024-41827 |
In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration
|
CVE-2024-41826 |
In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page
|
CVE-2024-41825 |
In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab
|
CVE-2024-41824 |
In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific cases
|
CVE-2024-39879 |
In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings
|
CVE-2024-39878 |
In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection
|
CVE-2024-36470 |
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge cases
|
CVE-2024-36378 |
In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens
|
CVE-2024-36377 |
In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions
|
CVE-2024-36376 |
In JetBrains TeamCity before 2024.03.2 users could perform actions that should not be available to them based on their permissions
|
CVE-2024-36375 |
In JetBrains TeamCity before 2024.03.2 technical information regarding TeamCity server could be exposed
|
CVE-2024-36374 |
In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possible
|
CVE-2024-36373 |
In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible
|
CVE-2024-36372 |
In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible
|
CVE-2024-36371 |
In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possible
|
CVE-2024-36370 |
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was possible
|
CVE-2024-36369 |
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via issue tracker integration was possible
|
CVE-2024-36368 |
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 reflected XSS via OAuth provider configuration was possible
|
CVE-2024-36367 |
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via third-party reports was possible
|
CVE-2024-36366 |
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via certain report grouping and filtering operations
|
CVE-2024-36365 |
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a third-party agent could impersonate a cloud agent
|
CVE-2024-36364 |
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible
|
CVE-2024-36363 |
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several stored XSS in code inspection reports were possible
|
CVE-2024-36362 |
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal allowing to read files from server was possible
|
CVE-2024-35302 |
In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible
|
CVE-2024-35301 |
In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token
|
CVE-2024-35300 |
In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible
|
CVE-2024-31140 |
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools
|
CVE-2024-31139 |
In JetBrains TeamCity before 2024.03 XXE was possible in the Maven build steps detector
|
CVE-2024-31138 |
In JetBrains TeamCity before 2024.03 XSS was possible via Agent Distribution settings
|
CVE-2024-31137 |
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration
|
CVE-2024-31136 |
In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter
|
CVE-2024-31135 |
In JetBrains TeamCity before 2024.03 open redirect was possible on the login page
|
CVE-2024-31134 |
In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled
|
CVE-2024-29880 |
In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process
|
CVE-2024-28174 |
In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly
|
CVE-2024-28173 |
In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed
|
CVE-2024-27199 |
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
|
CVE-2024-27198 |
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
|
CVE-2024-24942 |
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives
|
CVE-2024-24938 |
In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation
|
CVE-2024-24937 |
In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible
|
CVE-2024-24936 |
In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missing
|
CVE-2024-23917 |
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible
|
CVE-2023-50870 |
In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible
|
CVE-2023-43566 |
In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration
|
CVE-2023-42793 |
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
|
CVE-2023-41250 |
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration
|
CVE-2023-41249 |
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step
|
CVE-2023-41248 |
In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration
|
CVE-2023-39175 |
In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible
|
CVE-2023-39174 |
In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers
|
CVE-2023-39173 |
In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access
|
CVE-2023-38067 |
In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log
|
CVE-2023-38066 |
In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads
|
CVE-2023-38065 |
In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible
|
CVE-2023-38064 |
In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log
|
CVE-2023-38063 |
In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible
|
CVE-2023-38062 |
In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations
|
CVE-2023-38061 |
In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible
|
CVE-2023-34229 |
In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible
|
CVE-2023-34228 |
In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions
|
CVE-2023-34227 |
In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks
|
CVE-2023-34226 |
In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible
|
CVE-2023-34225 |
In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible
|
CVE-2023-34224 |
In JetBrains TeamCity before 2023.05 open redirect during OAuth configuration was possible
|
CVE-2023-34223 |
In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases
|
CVE-2023-34222 |
In JetBrains TeamCity before 2023.05 XSS in the Plugin Vendor URL was possible
|
CVE-2023-34221 |
In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible
|
CVE-2023-34220 |
In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible
|
CVE-2023-34219 |
In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API
|
CVE-2023-34218 |
In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible
|
CVE-2022-48428 |
In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible
|
CVE-2022-48427 |
In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was possible
|
CVE-2022-48426 |
In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible
|
CVE-2022-48344 |
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.
|
CVE-2022-48343 |
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.
|
CVE-2022-48342 |
In JetBrains TeamCity before 2022.10.2 JVMTI was enabled by default on agents.
|
CVE-2022-46831 |
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.
|
CVE-2022-46830 |
In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.
|
CVE-2022-44646 |
In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings
|
CVE-2022-44624 |
In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters
|
CVE-2022-44623 |
In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings
|
CVE-2022-44622 |
In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive
|
CVE-2022-40979 |
In JetBrains TeamCity before 2022.04.4 environment variables of "password" type could be logged when using custom Perforce executable
|
CVE-2022-40764 |
Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in the vendor.json ignore field, affecting snyk-go-plugin before 1.19.1. This affects, for example, the Snyk TeamCity plugin (which does not update automatically) before 20220930.142957.
|
CVE-2022-38133 |
In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases
|
CVE-2022-36322 |
In JetBrains TeamCity before 2022.04.2 build parameter injection was possible
|
CVE-2022-36321 |
In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases
|
CVE-2022-29929 |
In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible
|
CVE-2022-29928 |
In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible
|
CVE-2022-29927 |
In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible
|
CVE-2022-25264 |
In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.
|
CVE-2022-25263 |
JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration.
|
CVE-2022-25261 |
JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS.
|
CVE-2022-24342 |
In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible.
|
CVE-2022-24341 |
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user.
|
CVE-2022-24340 |
In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.
|
CVE-2022-24339 |
JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.
|
CVE-2022-24338 |
JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.
|
CVE-2022-24337 |
In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.
|
CVE-2022-24336 |
In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.
|
CVE-2022-24335 |
JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC.
|
CVE-2022-24334 |
In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server.
|
CVE-2022-24333 |
In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.
|
CVE-2022-24332 |
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.
|
CVE-2022-24331 |
In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.
|
CVE-2022-24330 |
In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.
|
CVE-2022-22984 |
The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin before 5.6.5; the package @snyk/snyk-hex-plugin before 1.1.6 are vulnerable to Command Injection due to an incomplete fix for [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342). A successful exploit allows attackers to run arbitrary commands on the host system where the Snyk CLI is installed by passing in crafted command line flags. In order to exploit this vulnerability, a user would have to execute the snyk test command on untrusted files. In most cases, an attacker positioned to control the command line arguments to the Snyk CLI would already be positioned to execute arbitrary commands. However, this could be abused in specific scenarios, such as continuous integration pipelines, where developers can control the arguments passed to the Snyk CLI to leverage this component as part of a wider attack against an integration/build pipeline. This issue has been addressed in the latest Snyk Docker images available at https://hub.docker.com/r/snyk/snyk as of 2022-11-29. Images downloaded and built prior to that date should be updated. The issue has also been addressed in the Snyk TeamCity CI/CD plugin as of version v20221130.093605.
|
CVE-2021-43202 |
In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.
|
CVE-2021-43201 |
In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project.
|
CVE-2021-43200 |
In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient.
|
CVE-2021-43199 |
In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient.
|
CVE-2021-43198 |
In JetBrains TeamCity before 2021.1.2, stored XSS is possible.
|
CVE-2021-43197 |
In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS.
|
CVE-2021-43196 |
In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible.
|
CVE-2021-43195 |
In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing.
|
CVE-2021-43194 |
In JetBrains TeamCity before 2021.1.2, user enumeration was possible.
|
CVE-2021-43193 |
In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.
|
CVE-2021-37548 |
In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS.
|
CVE-2021-37547 |
In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made.
|
CVE-2021-37546 |
In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used.
|
CVE-2021-37545 |
In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made.
|
CVE-2021-37544 |
In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.
|
CVE-2021-37542 |
In JetBrains TeamCity before 2020.2.3, XSS was possible.
|
CVE-2021-3315 |
In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible.
|
CVE-2021-31915 |
In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible.
|
CVE-2021-31914 |
In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible.
|
CVE-2021-31913 |
In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange.
|
CVE-2021-31912 |
In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset.
|
CVE-2021-31911 |
In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages.
|
CVE-2021-31910 |
In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible.
|
CVE-2021-31909 |
In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible.
|
CVE-2021-31908 |
In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages.
|
CVE-2021-31907 |
In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly.
|
CVE-2021-31906 |
In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file.
|
CVE-2021-31904 |
In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page.
|
CVE-2021-26310 |
In the TeamCity IntelliJ plugin before 2020.2.2.85899, DoS was possible.
|
CVE-2021-26309 |
Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had insecure permissions.
|
CVE-2021-25778 |
In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly.
|
CVE-2021-25777 |
In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly.
|
CVE-2021-25776 |
In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters.
|
CVE-2021-25775 |
In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users.
|
CVE-2021-25774 |
In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user.
|
CVE-2021-25773 |
JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages.
|
CVE-2021-25772 |
In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration.
|
CVE-2020-7911 |
In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS.
|
CVE-2020-7910 |
JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.
|
CVE-2020-7909 |
In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.
|
CVE-2020-7908 |
In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages.
|
CVE-2020-35667 |
The JetBrains TeamCity Plugin before 2020.2.85695 was vulnerable to SSRF that could potentially expose user credentials.
|
CVE-2020-27629 |
In JetBrains TeamCity before 2020.1.5, secure dependency parameters could remain unmasked in depending builds when there are no internal artifacts.
|
CVE-2020-27628 |
In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records.
|
CVE-2020-27627 |
JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.
|
CVE-2020-15831 |
JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI.
|
CVE-2020-15830 |
JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI.
|
CVE-2020-15829 |
In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs.
|
CVE-2020-15828 |
In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions.
|
CVE-2020-15826 |
In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have.
|
CVE-2020-15825 |
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.
|
CVE-2020-11938 |
In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project. The issue was resolved in 2019.2.2.
|
CVE-2020-11689 |
In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.
|
CVE-2020-11688 |
In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.
|
CVE-2020-11687 |
In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.
|
CVE-2020-11686 |
In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings.
|
CVE-2019-18367 |
In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.
|
CVE-2019-18366 |
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.
|
CVE-2019-18365 |
In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages.
|
CVE-2019-18364 |
In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.
|
CVE-2019-18363 |
In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances.
|
CVE-2019-15848 |
JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user.
|
CVE-2019-15042 |
An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1.
|
CVE-2019-15039 |
An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.
|
CVE-2019-15038 |
An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1.
|
CVE-2019-15037 |
An issue was discovered in JetBrains TeamCity 2018.2.4. It had several XSS vulnerabilities on the settings pages. The issues were fixed in TeamCity 2019.1.
|
CVE-2019-15036 |
An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1.
|
CVE-2019-15035 |
An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1.
|
CVE-2019-12846 |
A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2.
|
CVE-2019-12845 |
The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3.
|
CVE-2019-12844 |
A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.3.
|
CVE-2019-12843 |
A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3.
|
CVE-2019-12842 |
A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.2.
|
CVE-2019-12841 |
Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. The issue was fixed in TeamCity 2018.2.2.
|
CVE-2019-12156 |
Server metadata could be exposed because one of the error messages reflected the whole response back to the client in JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 build 1293.
|
CVE-2015-1313 |
JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.
|
CVE-2014-10036 |
Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html.
|
CVE-2014-10002 |
Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors.
|