cvebase

JetBrains TeamCity vulnerabilities

269 known vulnerabilities affecting jetbrains/teamcity.

Total CVEs: 269
CISA KEV: 3 (actively exploited)
Public exploits: 5
Exploited in wild: 4
Severity breakdown: CRITICAL 24, HIGH 54, MEDIUM 182, LOW 9

Vulnerabilities

Page 12 of 14
CVE-2023-38066 | P4 | MEDIUM | CVSS 6.1 | fixed in 2023.05.1 | 2023-07-12
CVE-2023-38066 [MEDIUM] CWE-79: In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads
nvd
CVE-2021-31911 | P4 | MEDIUM | CVSS 6.1 | fixed in 2020.2.3 | 2021-05-11
CVE-2021-31911 [MEDIUM] CWE-79: In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages.
nvd
CVE-2021-31904 | P4 | MEDIUM | CVSS 6.1 | fixed in 2020.2.2 | 2021-05-11
CVE-2021-31904 [MEDIUM] CWE-79: In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page.
nvd
CVE-2020-15831 | P4 | MEDIUM | CVSS 6.1 | fixed in 2019.2.3 | 2020-08-08
CVE-2020-15831 [MEDIUM] CWE-79: JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI.
nvd
CVE-2021-25773 | P4 | MEDIUM | CVSS 6.1 | fixed in 2020.2 | 2021-02-03
CVE-2021-25773 [MEDIUM] CWE-79: JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages.
nvd
CVE-2021-43197 | P4 | MEDIUM | CVSS 6.1 | fixed in 2021.1.2 | 2021-11-09
CVE-2021-43197 [MEDIUM] CWE-79: In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS.
nvd
CVE-2022-24338 | P4 | MEDIUM | CVSS 6.1 | fixed in 2021.2.1 | 2022-02-25
CVE-2022-24338 [MEDIUM] CWE-79: JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.
nvd
CVE-2022-25261 | P4 | MEDIUM | CVSS 6.1 | fixed in 2021.2.2 | 2022-02-25
CVE-2022-25261 [MEDIUM] CWE-79: JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS.
nvd
CVE-2022-29929 | P4 | MEDIUM | CVSS 6.1 | fixed in 2022.04 | ≥ 2022.04, < 2022.04 | 2022-05-12
CVE-2022-29929 [MEDIUM] CWE-79: In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible
nvd
CVE-2019-12845 | P4 | MEDIUM | CVSS 5.3 | fixed in 2018.2.3 | 2019-07-03
CVE-2019-12845 [MEDIUM] CWE-287: The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts. The issue was fixed in JetBrains TeamCity 2018.2.3.
nvd
CVE-2019-18367 | P4 | MEDIUM | CVSS 5.3 | fixed in 2019.1.2 | 2019-10-31
CVE-2019-18367 [MEDIUM] CWE-276: In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.
nvd
CVE-2021-25777 | P4 | MEDIUM | CVSS 5.3 | fixed in 2020.2.1 | 2021-02-03
CVE-2021-25777 [MEDIUM] CWE-863: In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly.
nvd
CVE-2022-29928 | P4 | MEDIUM | CVSS 4.9 | fixed in 2022.04 | ≥ 2022.04, < 2022.04 | 2022-05-12
CVE-2022-29928 [MEDIUM] CWE-532: In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible
nvd
CVE-2025-54533 | P4 | MEDIUM | CVSS 4.3 | fixed in 2025.07 | 2025-07-28
CVE-2025-54533 [MEDIUM] CWE-863: In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration
nvd
CVE-2026-28195 | P4 | MEDIUM | CVSS 4.3 | fixed in 2025.11.3 | 2026-02-25
CVE-2026-28195 [MEDIUM] CWE-862: In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations
nvd
CVE-2025-59455 | P4 | MEDIUM | CVSS 4.2 | fixed in 2025.07.2 | 2025-09-17
CVE-2025-59455 [MEDIUM] CWE-362: In JetBrains TeamCity before 2025.07.2 project isolation bypass was possible due to race condition
nvd
CVE-2019-12842 | P4 | MEDIUM | CVSS 6.1 | fixed in 2018.2.2 | 2019-07-03
CVE-2019-12842 [MEDIUM] CWE-79: A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.2.
nvd
CVE-2019-15037 | P4 | MEDIUM | CVSS 6.1 | v2018.2.4 | 2019-10-02
CVE-2019-15037 [MEDIUM] CWE-79: An issue was discovered in JetBrains TeamCity 2018.2.4. It had several XSS vulnerabilities on the settings pages. The issues were fixed in TeamCity 2019.1.
nvd
CVE-2024-31135 | P4 | MEDIUM | CVSS 6.1 | fixed in 2024.03 | 2024-03-28
CVE-2024-31135 [MEDIUM] CWE-601: In JetBrains TeamCity before 2024.03 open redirect was possible on the login page
nvd
CVE-2014-10002 | P4 | MEDIUM | CVSS 5.0 | ≤ 8.0 | 2015-01-13
CVE-2014-10002 [MEDIUM]: Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors.
nvd