JetBrains TeamCity vulnerabilities
269 known vulnerabilities affecting jetbrains/teamcity.
Total CVEs: 269
CISA KEV: 3 (actively exploited)
Public exploits: 5
Exploited in wild: 4
Severity breakdown: CRITICAL 24, HIGH 54, MEDIUM 182, LOW 9
Vulnerabilities
Page 4 of 14
CVE-2022-24341 | P3 | HIGH | CVSS 7.5 | CWE-613 | fixed in 2021.2.1 | 2022-02-25
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user.
nvd
CVE-2023-50870 | P3 | HIGH | CVSS 8.8 | CWE-352 | fixed in 2023.11.1 | 2023-12-15
In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible
nvd
CVE-2022-24335 | P3 | HIGH | CVSS 8.1 | CWE-367 | fixed in 2021.2.1 | 2022-02-25
JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC.
nvd
CVE-2024-43114 | P3 | HIGH | CVSS 7.8 | CWE-276 | fixed in 2024.07.1 | 2024-08-06
In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions
nvd
CVE-2019-15036 | P3 | HIGH | CVSS 7.2 | CWE-78 | v2018.2.4 | 2019-10-02
An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1.
nvd
CVE-2023-34227 | P3 | HIGH | CVSS 7.5 | CWE-749 | fixed in 2023.05 | 2023-05-31
In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks
nvd
CVE-2025-57734 | P3 | MEDIUM | CVSS 6.5 | CWE-538 | fixed in 2025.07.1 | 2025-08-20
In JetBrains TeamCity before 2025.07.1 AWS credentials were exposed in Docker script files
nvd
CVE-2022-44624 | P3 | HIGH | CVSS 7.5 | CWE-532 | fixed in 2022.10 | ≥ 2022.10, < 2022.10 | 2022-11-03
In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters
nvd
CVE-2024-41829 | P3 | HIGH | CVSS 7.5 | CWE-303 | fixed in 2024.07 | 2024-07-22
In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection
nvd
CVE-2015-1313 | P3 | MEDIUM | CVSS 6.5 | CWE-425 | ≥ 8.0, < 9.0.2 | ≥ 8.0.1, < 9.0.2 | 2023-06-29
JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.
nvd
CVE-2024-36362 | P3 | MEDIUM | CVSS 6.5 | CWE-23 | fixed in 2022.04.7 | ≥ 2022.10, < 2022.10.6 (+4 more) | 2024-05-29
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal allowing to read files from server was possible
nvd
CVE-2026-49371 | P3 | HIGH | CVSS 8.2 | CWE-79 | fixed in 2026.1.1 | 2026-05-29
In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
nvd
CVE-2023-39174 | P3 | HIGH | CVSS 7.5 | CWE-1333 | fixed in 2023.05.2 | 2023-07-25
In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers
nvd
CVE-2020-7909 | P3 | HIGH | CVSS 7.5 | CWE-522 | fixed in 2019.1.5 | 2020-01-30
In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.
nvd
CVE-2021-25776 | P3 | HIGH | CVSS 7.5 | CWE-922 | fixed in 2020.2 | 2021-02-03
In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters.
nvd
CVE-2022-25264 | P3 | HIGH | CVSS 7.5 | CWE-922 | fixed in 2021.2.3 | 2022-02-25
In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.
nvd
CVE-2021-37548 | P3 | HIGH | CVSS 7.5 | CWE-312 | fixed in 2021.1 | 2021-08-06
In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS.
nvd
CVE-2022-44623 | P3 | HIGH | CVSS 7.5 | CWE-538 | fixed in 2022.10 | ≥ 2022.10, < 2022.10 | 2022-11-03
In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings
nvd
CVE-2024-36378 | P3 | HIGH | CVSS 7.5 | CWE-770 | fixed in 2024.03.2 | 2024-05-29
In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens
nvd
CVE-2025-31141 | P3 | HIGH | CVSS 7.5 | CWE-209 | fixed in 2025.03 | 2025-03-27
In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page
nvd