Jetbrains Teamcity vulnerabilities
269 known vulnerabilities affecting jetbrains/teamcity.
Total CVEs
269
CISA KEV
3
actively exploited
Public exploits
5
Exploited in wild
4
Severity breakdown
CRITICAL24HIGH54MEDIUM182LOW9
Vulnerabilities
Page 14 of 14
CVE-2025-57733P4LOWCVSS 3.8fixed in 2025.07.12025-08-20
CVE-2025-57733 [LOW] CWE-77 CVE-2025-57733: In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email co
In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content
nvd
CVE-2021-25775P4LOWCVSS 3.8fixed in 2020.2.12021-02-03
CVE-2021-25775 [LOW] CVE-2021-25775: In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any o
In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users.
nvd
CVE-2025-67739P4LOWCVSS 3.1fixed in 2025.11.22025-12-11
CVE-2025-67739 [LOW] CWE-939 CVE-2025-67739: In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths
In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure
nvd
CVE-2025-68164P4LOWCVSS 2.7fixed in 2025.112025-12-16
CVE-2025-68164 [LOW] CWE-203 CVE-2025-68164: In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test
In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test
nvd
CVE-2025-68162P4LOWCVSS 2.7fixed in 2025.112025-12-16
CVE-2025-68162 [LOW] CWE-829 CVE-2025-68162: In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configura
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration
nvd
CVE-2021-31906P4LOWCVSS 2.7fixed in 2020.2.22021-05-11
CVE-2021-31906 [LOW] CVE-2021-31906: In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded
In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file.
nvd
CVE-2026-28196P4LOWCVSS 2.3fixed in 2025.11.32026-02-25
CVE-2026-28196 [LOW] CWE-459 CVE-2026-28196: In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on dis
In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk
nvd
CVE-2021-26309P4LOWCVSS 3.3fixed in 2020.2.2.858992021-05-11
CVE-2021-26309 [LOW] CWE-668 CVE-2021-26309: Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible becaus
Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had Insecure Permissions.
nvd
CVE-2020-11686P4LOWCVSS 2.7fixed in 2019.1.42020-04-22
CVE-2020-11686 [LOW] CVE-2020-11686: In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity se
In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings.
nvd
← Previous14 / 14