cbcvebase.

Jetbrains Teamcity vulnerabilities

269 known vulnerabilities affecting jetbrains/teamcity.

Total CVEs
269
CISA KEV
3
actively exploited
Public exploits
5
Exploited in wild
4
Severity breakdown
CRITICAL24HIGH54MEDIUM182LOW9

Vulnerabilities

Page 7 of 14
CVE-2024-31140P4MEDIUMCVSS 4.9fixed in 2024.032024-03-28
CVE-2024-31140 [MEDIUM] CWE-1288 CVE-2024-31140: In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the ser In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools
nvd
CVE-2025-24459P4MEDIUMCVSS 6.1fixed in 2024.12.12025-01-21
CVE-2025-24459 [MEDIUM] CWE-79 CVE-2025-24459: In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page
nvd
CVE-2024-47951P4MEDIUMCVSS 5.4fixed in 2024.07.32024-10-08
CVE-2024-47951 [MEDIUM] CWE-79 CVE-2024-47951: In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings
nvd
CVE-2024-47950P4MEDIUMCVSS 5.4fixed in 2024.07.03fixed in 2024.07.32024-10-08
CVE-2024-47950 [MEDIUM] CWE-79 CVE-2024-47950: In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings
nvd
CVE-2024-24936P4MEDIUMCVSS 5.3fixed in 2023.11.22024-02-06
CVE-2024-24936 [MEDIUM] CWE-285 CVE-2024-24936: In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed
nvd
CVE-2025-52877P4MEDIUMCVSS 4.8fixed in 2025.03.32025-06-23
CVE-2025-52877 [MEDIUM] CWE-79 CVE-2025-52877: In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible
nvd
CVE-2020-27627P4MEDIUMCVSS 6.1fixed in 2020.1.22020-11-16
CVE-2020-27627 [MEDIUM] CWE-74 CVE-2020-27627: JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection. JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.
nvd
CVE-2025-26493P4MEDIUMCVSS 6.1fixed in 2024.12.22025-02-11
CVE-2025-26493 [MEDIUM] CWE-79 CVE-2025-26493: In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Re In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab
nvd
CVE-2026-49375P4MEDIUMCVSS 6.1fixed in 2025.11.5fixed in 2026.1, 2025.11.52026-05-29
CVE-2026-49375 [MEDIUM] CWE-79 CVE-2026-49375: In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository downloa In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page
nvd
CVE-2025-68166P4MEDIUMCVSS 6.1fixed in 2025.112025-12-16
CVE-2025-68166 [MEDIUM] CWE-79 CVE-2025-68166: In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab
nvd
CVE-2024-28174P4MEDIUMCVSS 5.8fixed in 2023.11.42024-03-06
CVE-2024-28174 [MEDIUM] CWE-863 CVE-2024-28174: In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plug In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly
nvd
CVE-2023-34223P4MEDIUMCVSS 5.3fixed in 2023.052023-05-31
CVE-2023-34223 [MEDIUM] CWE-532 CVE-2023-34223: In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases
nvd
CVE-2023-43566P4MEDIUMCVSS 5.4fixed in 2023.05.42023-09-19
CVE-2023-43566 [MEDIUM] CWE-79 CVE-2023-43566: In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration
nvd
CVE-2019-18363P4MEDIUMCVSS 5.3fixed in 2019.1.22019-10-31
CVE-2019-18363 [MEDIUM] CVE-2019-18363: In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances.
nvd
CVE-2025-47853P4MEDIUMCVSS 5.4fixed in 2025.03.22025-05-20
CVE-2025-47853 [MEDIUM] CWE-79 CVE-2025-47853: In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible
nvd
CVE-2025-47852P4MEDIUMCVSS 5.4fixed in 2025.03.22025-05-20
CVE-2025-47852 [MEDIUM] CWE-79 CVE-2025-47852: In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible
nvd
CVE-2025-54537P4MEDIUMCVSS 5.5fixed in 2025.072025-07-28
CVE-2025-54537 [MEDIUM] CWE-312 CVE-2025-54537: In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots
nvd
CVE-2025-67741P4MEDIUMCVSS 5.4fixed in 2025.112025-12-11
CVE-2025-67741 [MEDIUM] CWE-79 CVE-2025-67741: In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute
nvd
CVE-2024-43807P4MEDIUMCVSS 5.4fixed in 2024.07.12024-08-16
CVE-2024-43807 [MEDIUM] CWE-79 CVE-2024-43807: In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page
nvd
CVE-2024-41825P4MEDIUMCVSS 5.4fixed in 2024.072024-07-22
CVE-2024-41825 [MEDIUM] CWE-79 CVE-2024-41825: In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab
nvd
Jetbrains Teamcity vulnerabilities | cvebase