Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Jetbrains Subscribe
Filtered by product Teamcity
Total 109 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-25261 1 Jetbrains 1 Teamcity 2022-03-08 4.3 MEDIUM 6.1 MEDIUM
JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS.
CVE-2022-25263 1 Jetbrains 1 Teamcity 2022-03-08 7.5 HIGH 9.8 CRITICAL
JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration.
CVE-2022-25264 1 Jetbrains 1 Teamcity 2022-03-08 5.0 MEDIUM 7.5 HIGH
In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.
CVE-2022-24331 1 Jetbrains 1 Teamcity 2022-03-04 7.5 HIGH 9.8 CRITICAL
In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.
CVE-2022-24332 1 Jetbrains 1 Teamcity 2022-03-04 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.
CVE-2022-24333 1 Jetbrains 1 Teamcity 2022-03-04 4.0 MEDIUM 6.5 MEDIUM
In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.
CVE-2022-24337 1 Jetbrains 1 Teamcity 2022-03-03 4.0 MEDIUM 6.5 MEDIUM
In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.
CVE-2022-24340 1 Jetbrains 1 Teamcity 2022-03-03 7.5 HIGH 9.8 CRITICAL
In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.
CVE-2022-24342 1 Jetbrains 1 Teamcity 2022-03-03 6.8 MEDIUM 8.8 HIGH
In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible.
CVE-2022-24334 1 Jetbrains 1 Teamcity 2022-03-03 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server.
CVE-2022-24336 1 Jetbrains 1 Teamcity 2022-03-03 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.
CVE-2022-24341 1 Jetbrains 1 Teamcity 2022-03-03 5.0 MEDIUM 7.5 HIGH
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user.
CVE-2022-24335 1 Jetbrains 1 Teamcity 2022-03-03 6.8 MEDIUM 8.1 HIGH
JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC.
CVE-2022-24339 1 Jetbrains 1 Teamcity 2022-03-03 3.5 LOW 5.4 MEDIUM
JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.
CVE-2022-24338 1 Jetbrains 1 Teamcity 2022-03-03 4.3 MEDIUM 6.1 MEDIUM
JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.
CVE-2022-24330 1 Jetbrains 1 Teamcity 2022-03-03 5.8 MEDIUM 6.1 MEDIUM
In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.
CVE-2021-43202 1 Jetbrains 1 Teamcity 2021-12-01 7.5 HIGH 9.8 CRITICAL
In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.
CVE-2021-43193 1 Jetbrains 1 Teamcity 2021-11-10 7.5 HIGH 9.8 CRITICAL
In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.
CVE-2021-43194 1 Jetbrains 1 Teamcity 2021-11-10 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2021.1.2, user enumeration was possible.
CVE-2021-43195 1 Jetbrains 1 Teamcity 2021-11-09 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing.