Jetbrains Teamcity vulnerabilities
269 known vulnerabilities affecting jetbrains/teamcity.
Total CVEs
269
CISA KEV
3
actively exploited
Public exploits
5
Exploited in wild
4
Severity breakdown
CRITICAL24HIGH54MEDIUM182LOW9
Vulnerabilities
Page 1 of 14
CVE-2023-42793P1CRITICALCVSS 9.8KEVPoCRansomwarefixed in 2023.05.42023-09-19
CVE-2023-42793 [CRITICAL] CWE-288 CVE-2023-42793: In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was p
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
nvd
CVE-2024-27198P1CRITICALCVSS 9.8KEVPoCRansomwarefixed in 2023.11.42024-03-04
CVE-2024-27198 [CRITICAL] CWE-288 CVE-2024-27198: In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was p
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
nvd
CVE-2024-27199P1HIGHCVSS 7.3KEVPoCRansomwarefixed in 2023.11.42024-03-04
CVE-2024-27199 [HIGH] CWE-23 CVE-2024-27199: In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was
In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
nvd
CVE-2024-23917P1CRITICALCVSS 9.8ExploitedPoCfixed in 2023.11.32024-02-06
CVE-2024-23917 [CRITICAL] CWE-288 CVE-2024-23917: In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible
nvd
CVE-2019-15039P2CRITICALCVSS 9.8PoCv2018.2.42019-10-01
CVE-2019-15039 [CRITICAL] CWE-22 CVE-2019-15039: An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issu
An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.
nvd
CVE-2021-31915P2CRITICALCVSS 9.8fixed in 2020.2.42021-05-11
CVE-2021-31915 [CRITICAL] CWE-78 CVE-2021-31915: In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was pos
In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible.
nvd
CVE-2021-31909P2CRITICALCVSS 9.8fixed in 2020.2.32021-05-11
CVE-2021-31909 [CRITICAL] CWE-88 CVE-2021-31909: In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possi
In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible.
nvd
CVE-2022-25263P2CRITICALCVSS 9.8fixed in 2021.2.32022-02-25
CVE-2022-25263 [CRITICAL] CWE-78 CVE-2022-25263: JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature
JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration.
nvd
CVE-2024-47949P3HIGHCVSS 7.5fixed in 2024.07.32024-10-08
CVE-2024-47949 [HIGH] CWE-23 CVE-2024-47949: In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary locatio
In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location
nvd
CVE-2026-49373P2HIGHCVSS 8.8fixed in 2026.12026-05-29
CVE-2026-49373 [HIGH] CWE-88 CVE-2026-49373: In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection setti
In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings
nvd
CVE-2019-18364P3CRITICALCVSS 9.8fixed in 2019.1.42019-10-31
CVE-2019-18364 [CRITICAL] CWE-502 CVE-2019-18364: In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote
In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.
nvd
CVE-2021-43193P3CRITICALCVSS 9.8fixed in 2021.1.22021-11-09
CVE-2021-43193 [CRITICAL] CVE-2021-43193: In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is pos
In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.
nvd
CVE-2021-31914P3CRITICALCVSS 9.8fixed in 2020.2.42021-05-11
CVE-2021-31914 [CRITICAL] CVE-2021-31914: In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was po
In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible.
nvd
CVE-2024-36470P3CRITICALCVSS 9.8fixed in 2022.04.7≥ 2022.10, < 2022.10.6+3 more2024-05-29
CVE-2024-36470 [CRITICAL] CWE-288 CVE-2024-36470: In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was po
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge cases
nvd
CVE-2025-54531P3CRITICALCVSS 9.4fixed in 2025.072025-07-28
CVE-2025-54531 [CRITICAL] CWE-23 CVE-2025-54531: In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows
In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows
nvd
CVE-2022-24331P3CRITICALCVSS 9.8fixed in 2021.42022-02-25
CVE-2022-24331 [CRITICAL] CVE-2022-24331: In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.
In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.
nvd
CVE-2025-46433P3CRITICALCVSS 9.8fixed in 2025.03.12025-04-25
CVE-2025-46433 [CRITICAL] CWE-23 CVE-2025-46433: In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possi
In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible
nvd
CVE-2024-31138P3MEDIUMCVSS 5.4fixed in 2024.032024-03-28
CVE-2024-31138 [MEDIUM] CWE-79 CVE-2024-31138: In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings
In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings
nvd
CVE-2019-12157P3CRITICALCVSS 9.8fixed in 2018.2.52019-10-02
CVE-2019-12157 [CRITICAL] CWE-20 CVE-2019-12157: In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC comm
In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.
nvd
CVE-2023-39173P3HIGHCVSS 8.8fixed in 2023.05.22023-07-25
CVE-2023-39173 [HIGH] CWE-266 CVE-2023-39173: In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full a
In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access
nvd
1 / 14Next →