cvebase

JetBrains TeamCity vulnerabilities

269 known vulnerabilities affecting jetbrains/teamcity.

Total CVEs: 269
CISA KEV: 3 (actively exploited)
Public exploits: 5
Exploited in wild: 4
Severity breakdown: CRITICAL 24, HIGH 54, MEDIUM 182, LOW 9

Vulnerabilities

Page 2 of 14
CVE-2024-56351 | P3 | HIGH | CVSS 8.8 | fixed in 2024.12 | 2024-12-20
CWE-613: In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles
Source: nvd
CVE-2022-48428 | P3 | MEDIUM | CVSS 5.4 | fixed in 2022.10.3 | 2023-03-27
CWE-79: In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible
Source: nvd
CVE-2023-34225 | P3 | MEDIUM | CVSS 5.4 | fixed in 2023.05 | 2023-05-31
CWE-79: In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible
Source: nvd
CVE-2023-34218 | P3 | CRITICAL | CVSS 9.8 | fixed in 2023.05 | 2023-05-31
CWE-863: In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible
Source: nvd
CVE-2024-41827 | P3 | CRITICAL | CVSS 9.8 | fixed in 2024.07 | 2024-07-22
CWE-613: In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration
Source: nvd
CVE-2022-48343 | P3 | MEDIUM | CVSS 6.1 | fixed in 2022.10.2 | 2023-02-23
CWE-79: In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.
Source: nvd
CVE-2023-34220 | P3 | MEDIUM | CVSS 5.4 | fixed in 2023.05 | 2023-05-31
CWE-79: In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible
Source: nvd
CVE-2025-67742 | P3 | HIGH | CVSS 7.5 | fixed in 2025.11 | 2025-12-11
CWE-22: In JetBrains TeamCity before 2025.11 path traversal was possible via file upload
Source: nvd
CVE-2025-54530 | P3 | CRITICAL | CVSS 9.8 | fixed in 2025.07 | 2025-07-28
CWE-276: In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions
Source: nvd
CVE-2023-41249 | P3 | MEDIUM | CVSS 6.1 | fixed in 2023.05.3 | 2023-08-25
CWE-79: In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step
Source: nvd
CVE-2022-24342 | P3 | HIGH | CVSS 8.8 | fixed in 2021.2.1 | 2022-02-25
CWE-352: In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible.
Source: nvd
CVE-2026-44413 | P3 | HIGH | CVSS 7.5 | fixed in 2025.11.5 | fixed in 2026.1 2025.11.5 | 2026-05-11
CWE-306: In JetBrains TeamCity before 2026.1 2025.11.5 authenticated users could expose server API to unauthorised access
Source: nvd
CVE-2022-36322 | P3 | HIGH | CVSS 8.8 | fixed in 2022.04.2 | ≥ 2022.04.2, < 2022.04.2 | 2022-07-20
CWE-88: In JetBrains TeamCity before 2022.04.2 build parameter injection was possible
Source: nvd
CVE-2025-59457 | P3 | HIGH | CVSS 7.7 | fixed in 2025.07.2 | 2025-09-17
CWE-183: In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows
Source: nvd
CVE-2024-24942 | P3 | MEDIUM | CVSS 5.3 | fixed in 2023.11.3 | 2024-02-06
CWE-23: In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives
Source: nvd
CVE-2021-43200 | P3 | CRITICAL | CVSS 9.8 | fixed in 2021.2 | 2021-11-09
In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient.
Source: nvd
CVE-2026-49374 | P3 | HIGH | CVSS 7.6 | fixed in 2026.1 | 2026-05-29
CWE-862: In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters
Source: nvd
CVE-2026-49372 | P3 | HIGH | CVSS 7.5 | fixed in 2025.11.5 | fixed in 2026.1, 2025.11.5 | 2026-05-29
CWE-918: In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible
Source: nvd
CVE-2025-26492 | P3 | CRITICAL | CVSS 9.1 | fixed in 2024.12.2 | 2025-02-11
CWE-522: In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources
Source: nvd
CVE-2024-36377 | P3 | HIGH | CVSS 8.1 | fixed in 2024.03.2 | 2024-05-29
CWE-863: In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions
Source: nvd