cvebase

JetBrains TeamCity vulnerabilities

269 known vulnerabilities affecting jetbrains/teamcity.

Total CVEs: 269
CISA KEV: 3 (actively exploited)
Public exploits: 5
Exploited in wild: 4
Severity breakdown: CRITICAL 24, HIGH 54, MEDIUM 182, LOW 9

Vulnerabilities

Page 13 of 14
CVE-2020-27628 | P4 | MEDIUM | CVSS 4.3 | fixed in 2020.1.5 | 2020-11-16
In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records.
Source: nvd

CVE-2021-25774 | P4 | MEDIUM | CVSS 4.3 | CWE-863 | fixed in 2020.2.1 | 2021-02-03
In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user.
Source: nvd

CVE-2025-54532 | P4 | MEDIUM | CVSS 4.3 | CWE-863 | fixed in 2025.07 | 2025-07-28
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies
Source: nvd

CVE-2025-54534 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 2025.07 | 2025-07-28
In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page
Source: nvd

CVE-2024-41826 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 2024.07 | 2024-07-22
In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page
Source: nvd

CVE-2026-49381 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 2026.1 | 2026-05-29
In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
Source: nvd

CVE-2025-68163 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 2025.11 | 2025-12-16
In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page
Source: nvd

CVE-2023-34219 | P4 | MEDIUM | CVSS 4.3 | CWE-285 | fixed in 2023.05 | 2023-05-31
In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API
Source: nvd

CVE-2024-56348 | P4 | MEDIUM | CVSS 4.3 | CWE-863 | fixed in 2024.12 | 2024-12-20
In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents
Source: nvd

CVE-2024-56350 | P4 | MEDIUM | CVSS 4.3 | CWE-863 | fixed in 2024.12 | 2024-12-20
In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects
Source: nvd

CVE-2025-24460 | P4 | MEDIUM | CVSS 4.3 | CWE-863 | fixed in 2024.12.1 | 2025-01-21
In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool
Source: nvd

CVE-2025-52879 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 2025.03.3 | 2025-06-23
In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible
Source: nvd

CVE-2014-10036 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 8.0 | 2015-01-13
Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html.
Source: nvd

CVE-2019-12846 | P4 | MEDIUM | CVSS 4.3 | fixed in 2018.2.2 | 2019-07-03
A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2.
Source: nvd

CVE-2024-28173 | P4 | MEDIUM | CVSS 4.3 | CWE-201 | ≥ 2023.11, < 2023.11.4 | 2024-03-06
In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed
Source: nvd

CVE-2025-52878 | P4 | MEDIUM | CVSS 4.3 | CWE-862 | fixed in 2025.03.3 | 2025-06-23
In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions
Source: nvd

CVE-2020-7908 | P4 | MEDIUM | CVSS 4.3 | CWE-269 | fixed in 2019.1.5 | 2020-01-30
In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages.
Source: nvd

CVE-2019-18365 | P4 | MEDIUM | CVSS 4.3 | CWE-269 | fixed in 2019.1.4 | 2019-10-31
In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages.
Source: nvd

CVE-2020-15826 | P4 | MEDIUM | CVSS 4.3 | CWE-269 | fixed in 2020.1 | 2020-08-08
In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have.
Source: nvd

CVE-2023-34224 | P4 | MEDIUM | CVSS 4.8 | CWE-601 | fixed in 2023.05 | 2023-05-31
In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible
Source: nvd