cvebase

JetBrains TeamCity vulnerabilities

269 known vulnerabilities affecting jetbrains/teamcity.

Total CVEs: 269
CISA KEV: 3 (actively exploited)
Public exploits: 5
Exploited in wild: 4

Severity breakdown
CRITICAL: 24
HIGH: 54
MEDIUM: 182
LOW: 9

Vulnerabilities

Page 10 of 14
CVE-2024-36374 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 2024.03.2 | 2024-05-29
In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possible
Source: nvd

CVE-2024-36370 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 2022.04.7 | ≥ 2022.10, < 2022.10.6 | +3 more | 2024-05-29
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was possible
Source: nvd

CVE-2024-36371 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 2023.05.6 | ≥ 2023.11, < 2023.11.5 | +1 more | 2024-05-29
In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possible
Source: nvd

CVE-2022-44622 | P4 | MEDIUM | CVSS 5.3 | CWE-284 | ≥ 2021.2, < 2022.10 | ≥ 2022.10, < 2022.10 | +1 more | 2022-11-03
In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive
Source: nvd

CVE-2022-40979 | P4 | MEDIUM | CVSS 5.3 | CWE-532 | fixed in 2022.04.4 | ≥ 2022.04.4, < 2022.04.4 | 2022-09-23
In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable
Source: nvd

CVE-2024-39879 | P4 | MEDIUM | CVSS 5.3 | CWE-522 | fixed in 2024.03.3 | 2024-07-01
In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings
Source: nvd

CVE-2026-49377 | P4 | MEDIUM | CVSS 4.3 | CWE-526 | fixed in 2025.11.2 | 2026-05-29
In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters
Source: nvd

CVE-2022-29927 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 2022.04 | ≥ 2022.04, < 2022.04 | 2022-05-12
In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible
Source: nvd

CVE-2023-34226 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 2023.05 | 2023-05-31
In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible
Source: nvd

CVE-2023-39175 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 2023.05.2 | 2023-07-25
In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible
Source: nvd

CVE-2020-7911 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 2019.2.0 | 2020-01-30
In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS.
Source: nvd

CVE-2021-37542 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 2020.2.3 | 2021-08-06
In JetBrains TeamCity before 2020.2.3, XSS was possible.
Source: nvd

CVE-2022-24330 | P4 | MEDIUM | CVSS 6.1 | CWE-601 | fixed in 2021.2.1 | 2022-02-25
In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.
Source: nvd

CVE-2024-31137 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 2024.03 | 2024-03-28
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration
Source: nvd

CVE-2022-48344 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 2022.10.2 | 2023-02-23
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.
Source: nvd

CVE-2024-43809 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 2024.07.1 | 2024-08-16
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page
Source: nvd

CVE-2023-41250 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 2023.05.3 | 2023-08-25
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration
Source: nvd

CVE-2024-36372 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 2023.05.6 | 2024-05-29
In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible
Source: nvd

CVE-2025-47854 | P4 | MEDIUM | CVSS 6.1 | CWE-601 | fixed in 2025.03.2 | 2025-05-20
In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page
Source: nvd

CVE-2026-49380 | P4 | MEDIUM | CVSS 6.1 | CWE-601 | fixed in 2026.1 | 2026-05-29
In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible
Source: nvd