JetBrains TeamCity vulnerabilities
269 known vulnerabilities affecting jetbrains/teamcity.
Total CVEs: 269
CISA KEV: 3 (actively exploited)
Public exploits: 5
Exploited in wild: 4
Severity breakdown: CRITICAL 24, HIGH 54, MEDIUM 182, LOW 9
Vulnerabilities
Page 3 of 14
CVE-2021-37544 | P3 | CRITICAL | CVSS 9.8 | CWE-502 | fixed in 2020.2.4 | 2021-08-06
In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.
Source: NVD
CVE-2021-43202 | P3 | CRITICAL | CVSS 9.8 | fixed in 2021.1.3 | 2021-11-30
In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.
Source: NVD
CVE-2025-59456 | P3 | MEDIUM | CVSS 5.5 | CWE-23 | fixed in 2025.07.2 | 2025-09-17
In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload
Source: NVD
CVE-2022-24340 | P3 | CRITICAL | CVSS 9.8 | CWE-611 | fixed in 2021.2.1 | 2022-02-25
In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.
Source: NVD
CVE-2022-48342 | P3 | CRITICAL | CVSS 9.8 | CWE-1188 | fixed in 2022.10.2 | 2023-02-23
In JetBrains TeamCity before 2022.10.2 JVMTI was enabled by default on agents.
Source: NVD
CVE-2020-15825 | P3 | HIGH | CVSS 8.8 | fixed in 2020.1 | 2020-08-08
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.
Source: NVD
CVE-2024-36365 | P3 | HIGH | CVSS 8.1 | CWE-863 | fixed in 2022.04.7; ≥ 2022.10, < 2022.10.6; +4 more | 2024-05-29
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a third-party agent could impersonate a cloud agent
Source: NVD
CVE-2021-37545 | P3 | HIGH | CVSS 7.5 | CWE-287 | fixed in 2021.1 | 2021-08-06
In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made.
Source: NVD
CVE-2025-46618 | P3 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 2025.03.1 | 2025-04-25
In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab
Source: NVD
CVE-2024-31136 | P3 | HIGH | CVSS 7.4 | CWE-1288 | fixed in 2024.03 | 2024-03-28
In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter
Source: NVD
CVE-2025-31140 | P3 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 2025.03 | 2025-03-27
In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page
Source: NVD
CVE-2021-31912 | P3 | HIGH | CVSS 8.8 | CWE-640 | fixed in 2020.2.3 | 2021-05-11
In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset.
Source: NVD
CVE-2025-54536 | P3 | HIGH | CVSS 8.8 | CWE-352 | fixed in 2025.07 | 2025-07-28
In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint
Source: NVD
CVE-2024-31139 | P3 | HIGH | CVSS 8.1 | CWE-611 | fixed in 2024.03 | 2024-03-28
In JetBrains TeamCity before 2024.03 XXE was possible in the Maven build steps detector
Source: NVD
CVE-2024-47948 | P3 | HIGH | CVSS 7.5 | CWE-23 | fixed in 2024.07.3 | 2024-10-08
In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups
Source: NVD
CVE-2024-36376 | P3 | HIGH | CVSS 8.1 | CWE-863 | fixed in 2024.03.2 | 2024-05-29
In JetBrains TeamCity before 2024.03.2 users could perform actions that should not be available to them based on their permissions
Source: NVD
CVE-2025-54535 | P3 | HIGH | CVSS 7.5 | CWE-328 | fixed in 2025.07 | 2025-07-28
In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms
Source: NVD
CVE-2025-54528 | P3 | HIGH | CVSS 8.8 | CWE-352 | fixed in 2025.07 | 2025-07-28
In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow
Source: NVD
CVE-2020-35667 | P3 | HIGH | CVSS 7.5 | CWE-918 | fixed in 2020.2.85695 | 2021-02-03
JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials.
Source: NVD
CVE-2024-29880 | P3 | HIGH | CVSS 7.8 | CWE-749 | fixed in 2023.11 | 2024-03-21
In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process
Source: NVD