cbcvebase.

Jetbrains Teamcity vulnerabilities

269 known vulnerabilities affecting jetbrains/teamcity.

Total CVEs
269
CISA KEV
3
actively exploited
Public exploits
5
Exploited in wild
4
Severity breakdown
CRITICAL24HIGH54MEDIUM182LOW9

Vulnerabilities

Page 4 of 14
CVE-2022-24341P3HIGHCVSS 7.5fixed in 2021.2.12022-02-25
CVE-2022-24341 [HIGH] CWE-613 CVE-2022-24341: In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminat In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user.
nvd
CVE-2023-50870P3HIGHCVSS 8.8fixed in 2023.11.12023-12-15
CVE-2023-50870 [HIGH] CWE-352 CVE-2023-50870: In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible
nvd
CVE-2022-24335P3HIGHCVSS 8.1fixed in 2021.2.12022-02-25
CVE-2022-24335 [HIGH] CWE-367 CVE-2022-24335: JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-conditi JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC.
nvd
CVE-2024-43114P3HIGHCVSS 7.8fixed in 2024.07.12024-08-06
CVE-2024-43114 [HIGH] CWE-276 CVE-2024-43114: In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory perm In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions
nvd
CVE-2019-15036P3HIGHCVSS 7.2v2018.2.42019-10-02
CVE-2019-15036 [HIGH] CWE-78 CVE-2019-15036: An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execu An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1.
nvd
CVE-2023-34227P3HIGHCVSS 7.5fixed in 2023.052023-05-31
CVE-2023-34227 [HIGH] CWE-749 CVE-2023-34227: In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks
nvd
CVE-2025-57734P3MEDIUMCVSS 6.5fixed in 2025.07.12025-08-20
CVE-2025-57734 [MEDIUM] CWE-538 CVE-2025-57734: In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files
nvd
CVE-2022-44624P3HIGHCVSS 7.5fixed in 2022.10≥ 2022.10, < 2022.102022-11-03
CVE-2022-44624 [HIGH] CWE-532 CVE-2022-44624: In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters
nvd
CVE-2024-41829P3HIGHCVSS 7.5fixed in 2024.072024-07-22
CVE-2024-41829 [HIGH] CWE-303 CVE-2024-41829: In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space App In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection
nvd
CVE-2015-1313P3MEDIUMCVSS 6.5≥ 8.0, < 9.0.2≥ 8.0.1, < 9.0.22023-06-29
CVE-2015-1313 [MEDIUM] CWE-425 CVE-2015-1313: JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.
nvd
CVE-2024-36362P3MEDIUMCVSS 6.5fixed in 2022.04.7≥ 2022.10, < 2022.10.6+4 more2024-05-29
CVE-2024-36362 [MEDIUM] CWE-23 CVE-2024-36362: In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal al In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal allowing to read files from server was possible
nvd
CVE-2026-49371P3HIGHCVSS 8.2fixed in 2026.1.12026-05-29
CVE-2026-49371 [HIGH] CWE-79 CVE-2026-49371: In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
nvd
CVE-2023-39174P3HIGHCVSS 7.5fixed in 2023.05.22023-07-25
CVE-2023-39174 [HIGH] CWE-1333 CVE-2023-39174: In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue tracke In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers
nvd
CVE-2020-7909P3HIGHCVSS 7.5fixed in 2019.1.52020-01-30
CVE-2020-7909 [HIGH] CWE-522 CVE-2020-7909: In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI. In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.
nvd
CVE-2021-25776P3HIGHCVSS 7.5fixed in 2020.22021-02-03
CVE-2021-25776 [HIGH] CWE-922 CVE-2021-25776: In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters. In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters.
nvd
CVE-2022-25264P3HIGHCVSS 7.5fixed in 2021.2.32022-02-25
CVE-2022-25264 [HIGH] CWE-922 CVE-2022-25264: In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.
nvd
CVE-2021-37548P3HIGHCVSS 7.5fixed in 2021.12021-08-06
CVE-2021-37548 [HIGH] CWE-312 CVE-2021-37548: In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS. In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS.
nvd
CVE-2022-44623P3HIGHCVSS 7.5fixed in 2022.10≥ 2022.10, < 2022.102022-11-03
CVE-2022-44623 [HIGH] CWE-538 CVE-2022-44623: In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in th In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings
nvd
CVE-2024-36378P3HIGHCVSS 7.5fixed in 2024.03.22024-05-29
CVE-2024-36378 [HIGH] CWE-770 CVE-2024-36378: In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tok In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens
nvd
CVE-2025-31141P3HIGHCVSS 7.5fixed in 2025.032025-03-27
CVE-2025-31141 [HIGH] CWE-209 CVE-2025-31141: In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles pa In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page
nvd
Jetbrains Teamcity vulnerabilities | cvebase