Jetbrains Teamcity vulnerabilities
269 known vulnerabilities affecting jetbrains/teamcity.
Total CVEs
269
CISA KEV
3
actively exploited
Public exploits
5
Exploited in wild
4
Severity breakdown
CRITICAL24HIGH54MEDIUM182LOW9
Vulnerabilities
Page 7 of 14
CVE-2024-31140P4MEDIUMCVSS 4.9fixed in 2024.032024-03-28
CVE-2024-31140 [MEDIUM] CWE-1288 CVE-2024-31140: In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the ser
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools
nvd
CVE-2025-24459P4MEDIUMCVSS 6.1fixed in 2024.12.12025-01-21
CVE-2025-24459 [MEDIUM] CWE-79 CVE-2025-24459: In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page
In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page
nvd
CVE-2024-47951P4MEDIUMCVSS 5.4fixed in 2024.07.32024-10-08
CVE-2024-47951 [MEDIUM] CWE-79 CVE-2024-47951: In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings
In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings
nvd
CVE-2024-47950P4MEDIUMCVSS 5.4fixed in 2024.07.03fixed in 2024.07.32024-10-08
CVE-2024-47950 [MEDIUM] CWE-79 CVE-2024-47950: In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings
In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings
nvd
CVE-2024-24936P4MEDIUMCVSS 5.3fixed in 2023.11.22024-02-06
CVE-2024-24936 [MEDIUM] CWE-285 CVE-2024-24936: In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was
In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed
nvd
CVE-2025-52877P4MEDIUMCVSS 4.8fixed in 2025.03.32025-06-23
CVE-2025-52877 [MEDIUM] CWE-79 CVE-2025-52877: In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible
In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible
nvd
CVE-2020-27627P4MEDIUMCVSS 6.1fixed in 2020.1.22020-11-16
CVE-2020-27627 [MEDIUM] CWE-74 CVE-2020-27627: JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.
JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.
nvd
CVE-2025-26493P4MEDIUMCVSS 6.1fixed in 2024.12.22025-02-11
CVE-2025-26493 [MEDIUM] CWE-79 CVE-2025-26493: In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Re
In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab
nvd
CVE-2026-49375P4MEDIUMCVSS 6.1fixed in 2025.11.5fixed in 2026.1,
2025.11.52026-05-29
CVE-2026-49375 [MEDIUM] CWE-79 CVE-2026-49375: In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository downloa
In JetBrains TeamCity before 2026.1,
2025.11.5 reflected XSS was possible on the repository download page
nvd
CVE-2025-68166P4MEDIUMCVSS 6.1fixed in 2025.112025-12-16
CVE-2025-68166 [MEDIUM] CWE-79 CVE-2025-68166: In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab
In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab
nvd
CVE-2024-28174P4MEDIUMCVSS 5.8fixed in 2023.11.42024-03-06
CVE-2024-28174 [MEDIUM] CWE-863 CVE-2024-28174: In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plug
In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly
nvd
CVE-2023-34223P4MEDIUMCVSS 5.3fixed in 2023.052023-05-31
CVE-2023-34223 [MEDIUM] CWE-532 CVE-2023-34223: In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could
In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases
nvd
CVE-2023-43566P4MEDIUMCVSS 5.4fixed in 2023.05.42023-09-19
CVE-2023-43566 [MEDIUM] CWE-79 CVE-2023-43566: In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration
In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration
nvd
CVE-2019-18363P4MEDIUMCVSS 5.3fixed in 2019.1.22019-10-31
CVE-2019-18363 [MEDIUM] CVE-2019-18363: In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted
In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances.
nvd
CVE-2025-47853P4MEDIUMCVSS 5.4fixed in 2025.03.22025-05-20
CVE-2025-47853 [MEDIUM] CWE-79 CVE-2025-47853: In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible
In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible
nvd
CVE-2025-47852P4MEDIUMCVSS 5.4fixed in 2025.03.22025-05-20
CVE-2025-47852 [MEDIUM] CWE-79 CVE-2025-47852: In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible
In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible
nvd
CVE-2025-54537P4MEDIUMCVSS 5.5fixed in 2025.072025-07-28
CVE-2025-54537 [MEDIUM] CWE-312 CVE-2025-54537: In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots
In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots
nvd
CVE-2025-67741P4MEDIUMCVSS 5.4fixed in 2025.112025-12-11
CVE-2025-67741 [MEDIUM] CWE-79 CVE-2025-67741: In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute
In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute
nvd
CVE-2024-43807P4MEDIUMCVSS 5.4fixed in 2024.07.12024-08-16
CVE-2024-43807 [MEDIUM] CWE-79 CVE-2024-43807: In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page
In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page
nvd
CVE-2024-41825P4MEDIUMCVSS 5.4fixed in 2024.072024-07-22
CVE-2024-41825 [MEDIUM] CWE-79 CVE-2024-41825: In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab
In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab
nvd