JetBrains TeamCity vulnerabilities
269 known vulnerabilities affecting jetbrains/teamcity.
Total CVEs: 269
CISA KEV: 3 (actively exploited)
Public exploits: 5
Exploited in wild: 4
Severity breakdown: CRITICAL 24, HIGH 54, MEDIUM 182, LOW 9
Vulnerabilities
Page 10 of 14
CVE-2024-36374 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 2024.03.2 | 2024-05-29
In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possible
nvd
CVE-2024-36370 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 2022.04.7 | ≥ 2022.10, < 2022.10.6 | +3 more | 2024-05-29
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was possible
nvd
CVE-2024-36371 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 2023.05.6 | ≥ 2023.11, < 2023.11.5 | +1 more | 2024-05-29
In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possible
nvd
CVE-2022-44622 | P4 | MEDIUM | CVSS 5.3 | CWE-284 | ≥ 2021.2, < 2022.10 | ≥ 2022.10, < 2022.10 | +1 more | 2022-11-03
In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive
nvd
CVE-2022-40979 | P4 | MEDIUM | CVSS 5.3 | CWE-532 | fixed in 2022.04.4 | ≥ 2022.04.4, < 2022.04.4 | 2022-09-23
In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable
nvd
CVE-2024-39879 | P4 | MEDIUM | CVSS 5.3 | CWE-522 | fixed in 2024.03.3 | 2024-07-01
In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings
nvd
CVE-2026-49377 | P4 | MEDIUM | CVSS 4.3 | CWE-526 | fixed in 2025.11.2 | 2026-05-29
In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters
nvd
CVE-2022-29927 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 2022.04 | ≥ 2022.04, < 2022.04 | 2022-05-12
In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible
nvd
CVE-2023-34226 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 2023.05 | 2023-05-31
In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible
nvd
CVE-2023-39175 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 2023.05.2 | 2023-07-25
In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible
nvd
CVE-2020-7911 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 2019.2.0 | 2020-01-30
In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS.
nvd
CVE-2021-37542 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 2020.2.3 | 2021-08-06
In JetBrains TeamCity before 2020.2.3, XSS was possible.
nvd
CVE-2022-24330 | P4 | MEDIUM | CVSS 6.1 | CWE-601 | fixed in 2021.2.1 | 2022-02-25
In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.
nvd
CVE-2024-31137 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 2024.03 | 2024-03-28
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration
nvd
CVE-2022-48344 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 2022.10.2 | 2023-02-23
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.
nvd
CVE-2024-43809 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 2024.07.1 | 2024-08-16
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page
nvd
CVE-2023-41250 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 2023.05.3 | 2023-08-25
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration
nvd
CVE-2024-36372 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 2023.05.6 | 2024-05-29
In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible
nvd
CVE-2025-47854 | P4 | MEDIUM | CVSS 6.1 | CWE-601 | fixed in 2025.03.2 | 2025-05-20
In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page
nvd
CVE-2026-49380 | P4 | MEDIUM | CVSS 6.1 | CWE-601 | fixed in 2026.1 | 2026-05-29
In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible
nvd