cvebase

JetBrains TeamCity vulnerabilities

269 known vulnerabilities affecting jetbrains/teamcity.

Total CVEs: 269
CISA KEV: 3 (actively exploited)
Public exploits: 5
Exploited in wild: 4
Severity breakdown: CRITICAL 24, HIGH 54, MEDIUM 182, LOW 9

Vulnerabilities

Page 5 of 14
CVE-2025-54529 | P3 | HIGH | CVSS 7.5 | fixed in 2025.07 | 2025-07-28
CVE-2025-54529 [HIGH] CWE-352: In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration
nvd
CVE-2023-34228 | P3 | MEDIUM | CVSS 6.5 | fixed in 2023.05 | 2023-05-31
CVE-2023-34228 [MEDIUM] CWE-308: In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions
nvd
CVE-2021-31910 | P3 | HIGH | CVSS 7.5 | fixed in 2020.2.3 | 2021-05-11
CVE-2021-31910 [HIGH] CWE-918: In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible.
nvd
CVE-2019-15038 | P3 | HIGH | CVSS 7.5 | v2018.2.4 | 2019-10-01
CVE-2019-15038 [HIGH]: An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1.
nvd
CVE-2020-11687 | P3 | HIGH | CVSS 7.5 | fixed in 2019.2.2 | 2020-04-22
CVE-2020-11687 [HIGH] CWE-200: In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.
nvd
CVE-2021-43196 | P3 | HIGH | CVSS 7.5 | fixed in 2021.1 | 2021-11-09
CVE-2021-43196 [HIGH]: In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible.
nvd
CVE-2021-31913 | P3 | HIGH | CVSS 7.5 | fixed in 2020.2.3 | 2021-05-11
CVE-2021-31913 [HIGH] CWE-354: In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange.
nvd
CVE-2024-56356 | P3 | HIGH | CVSS 7.1 | fixed in 2024.12 | 2024-12-20
CVE-2024-56356 [HIGH] CWE-611: In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack
nvd
CVE-2025-31139 | P3 | MEDIUM | CVSS 6.5 | fixed in 2025.03 | 2025-03-27
CVE-2025-31139 [MEDIUM] CWE-532: In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log
nvd
CVE-2025-46432 | P3 | MEDIUM | CVSS 6.5 | fixed in 2025.03.1 | 2025-04-25
CVE-2025-46432 [MEDIUM] CWE-532: In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs
nvd
CVE-2024-47161 | P3 | MEDIUM | CVSS 6.5 | fixed in 2024.07.3 | 2024-10-08
CVE-2024-47161 [MEDIUM] CWE-522: In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API
nvd
CVE-2026-49379 | P3 | MEDIUM | CVSS 6.5 | fixed in 2026.1 | 2026-05-29
CVE-2026-49379 [MEDIUM] CWE-522: In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names
nvd
CVE-2025-68267 | P3 | MEDIUM | CVSS 6.5 | fixed in 2025.11.1 | 2025-12-16
CVE-2025-68267 [MEDIUM] CWE-272: In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token
nvd
CVE-2021-26310 | P4 | HIGH | CVSS 7.5 | fixed in 2020.2.2.85899 | 2021-05-11
CVE-2021-26310 [HIGH]: In the TeamCity IntelliJ plugin before 2020.2.2.85899, DoS was possible.
nvd
CVE-2019-15042 | P4 | HIGH | CVSS 7.5 | v2018.2.4 | 2019-10-01
CVE-2019-15042 [HIGH] CWE-295: An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1.
nvd
CVE-2023-38062 | P4 | MEDIUM | CVSS 6.5 | fixed in 2023.05.1 | 2023-07-12
CVE-2023-38062 [MEDIUM] CWE-200: In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations
nvd
CVE-2024-36364 | P4 | MEDIUM | CVSS 6.5 | fixed in 2022.04.7 | ≥ 2022.10, < 2022.10.6 | +3 more | 2024-05-29
CVE-2024-36364 [MEDIUM] CWE-863: In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible
nvd
CVE-2024-56353 | P4 | MEDIUM | CVSS 6.5 | fixed in 2024.12 | 2024-12-20
CVE-2024-56353 [MEDIUM] CWE-212: In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies
nvd
CVE-2025-24461 | P4 | MEDIUM | CVSS 6.5 | v2024.12.1 | fixed in 2024.12.1 | 2025-01-21
CVE-2025-24461 [MEDIUM] CWE-862: In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint
nvd
CVE-2024-41828 | P4 | MEDIUM | CVSS 6.5 | fixed in 2024.07 | 2024-07-22
CVE-2024-41828 [MEDIUM] CWE-208: In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time
nvd