JetBrains TeamCity vulnerabilities
269 known vulnerabilities affecting jetbrains/teamcity.
Total CVEs: 269
CISA KEV: 3 actively exploited
Public exploits: 5
Exploited in wild: 4
Severity breakdown: CRITICAL 24, HIGH 54, MEDIUM 182, LOW 9
Vulnerabilities
Page 11 of 14
CVE-2019-18366 | P4 | MEDIUM | CVSS 5.3 | CWE-276 | fixed in 2019.1.2 | 2019-10-31
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.
nvd
CVE-2020-27629 | P4 | MEDIUM | CVSS 5.3 | fixed in 2020.1.5 | 2020-11-16
In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be left unmasked in depending builds when there are no internal artifacts.
nvd
CVE-2021-31907 | P4 | MEDIUM | CVSS 5.3 | CWE-732 | fixed in 2020.2.2 | 2021-05-11
In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly.
nvd
CVE-2020-7910 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 2019.2.0 | 2020-01-30
JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.
nvd
CVE-2024-35301 | P4 | MEDIUM | CVSS 5.5 | CWE-280 | fixed in 2024.03.1 | 2024-05-16
In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token
nvd
CVE-2021-25778 | P4 | MEDIUM | CVSS 5.3 | fixed in 2020.2.1 | 2021-02-03
In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly.
nvd
CVE-2021-43201 | P4 | MEDIUM | CVSS 5.3 | fixed in 2021.1.3 | 2021-11-09
In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project.
nvd
CVE-2022-24334 | P4 | MEDIUM | CVSS 5.3 | fixed in 2021.2.1 | 2022-02-25
In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server.
nvd
CVE-2022-24332 | P4 | MEDIUM | CVSS 5.3 | CWE-613 | fixed in 2021.2 | 2022-02-25
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.
nvd
CVE-2021-37546 | P4 | MEDIUM | CVSS 5.3 | CWE-327 | fixed in 2021.1 | 2021-08-06
In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used.
nvd
CVE-2024-43810 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 2024.07.1 | 2024-08-16
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin
nvd
CVE-2024-36368 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 2022.04.7 | ≥ 2022.10, < 2022.10.6 | +3 more | 2024-05-29
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 reflected XSS via OAuth provider configuration was possible
nvd
CVE-2024-43808 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 2024.07.1 | 2024-08-16
In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin
nvd
CVE-2022-38133 | P4 | MEDIUM | CVSS 5.3 | CWE-532 | fixed in 2022.04.3 | ≥ 2022.04.3, < 2022.04.3 | 2022-08-10
In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases
nvd
CVE-2022-44646 | P4 | MEDIUM | CVSS 5.3 | CWE-223 | fixed in 2022.10 | ≥ 2022.10, < 2022.10 | 2022-11-03
In JetBrains TeamCity versions before 2022.10, no audit items were added upon editing a user's settings
nvd
CVE-2019-15035 | P4 | MEDIUM | CVSS 4.9 | v2018.2.4 | 2019-10-01
An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1.
nvd
CVE-2020-11938 | P4 | MEDIUM | CVSS 4.9 | ≥ 2018.2, ≤ 2019.2.1 | 2020-04-22
In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project. The issue was resolved in 2019.2.2.
nvd
CVE-2022-46831 | P4 | MEDIUM | CVSS 4.9 | CWE-453 | ≥ 2022.10, ≤ 2022.10.1 | ≥ 2022.10, < 2022.10.1 | 2022-12-08
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.
nvd
CVE-2024-56354 | P4 | MEDIUM | CVSS 4.9 | CWE-522 | fixed in 2024.12 | 2024-12-20
In JetBrains TeamCity before 2024.12 password field values were accessible to users with view settings permission
nvd
CVE-2026-49378 | P4 | MEDIUM | CVSS 4.3 | CWE-862 | fixed in 2026.1 | 2026-05-29
In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion
nvd