Jetbrains Teamcity vulnerabilities
269 known vulnerabilities affecting jetbrains/teamcity.
Total CVEs
269
CISA KEV
3
actively exploited
Public exploits
5
Exploited in wild
4
Severity breakdown
CRITICAL24HIGH54MEDIUM182LOW9
Vulnerabilities
Page 8 of 14
CVE-2024-56349P4MEDIUMCVSS 5.3fixed in 2024.122024-12-20
CVE-2024-56349 [MEDIUM] CWE-862 CVE-2024-56349: In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify bu
In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs
nvd
CVE-2019-15848P4MEDIUMCVSS 6.1v2019.1v2019.1.12019-09-05
CVE-2019-15848 [MEDIUM] CWE-79 CVE-2019-15848: JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it poss
JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user.
nvd
CVE-2023-34222P4MEDIUMCVSS 6.1fixed in 2023.052023-05-31
CVE-2023-34222 [MEDIUM] CWE-79 CVE-2023-34222: In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible
In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible
nvd
CVE-2019-12843P4MEDIUMCVSS 6.1fixed in 2018.2.32019-07-03
CVE-2019-12843 [MEDIUM] CWE-94 CVE-2019-12843: A possible stored JavaScript injection requiring a deliberate server administrator action was detect
A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3.
nvd
CVE-2024-35300P4MEDIUMCVSS 6.1v2024.03≥ 2024.03, < 2024.03.12024-05-16
CVE-2024-35300 [MEDIUM] CWE-79 CVE-2024-35300: In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page
In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible
nvd
CVE-2024-35302P4MEDIUMCVSS 6.1fixed in 2023.112024-05-16
CVE-2024-35302 [MEDIUM] CWE-79 CVE-2024-35302: In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible
In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible
nvd
CVE-2026-28194P4MEDIUMCVSS 6.1fixed in 2025.11.32026-02-25
CVE-2026-28194 [MEDIUM] CWE-601 CVE-2026-28194: In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow
In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow
nvd
CVE-2022-48426P4MEDIUMCVSS 5.4v2022.10.3fixed in 2022.10.32023-03-27
CVE-2022-48426 [MEDIUM] CWE-79 CVE-2022-48426: In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible
In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible
nvd
CVE-2023-34229P4MEDIUMCVSS 5.4fixed in 2023.052023-05-31
CVE-2023-34229 [MEDIUM] CWE-79 CVE-2023-34229: In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible
In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible
nvd
CVE-2023-34221P4MEDIUMCVSS 5.4fixed in 2023.052023-05-31
CVE-2023-34221 [MEDIUM] CWE-79 CVE-2023-34221: In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible
In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible
nvd
CVE-2022-48427P4MEDIUMCVSS 5.4fixed in 2022.10.32023-03-27
CVE-2022-48427 [MEDIUM] CWE-79 CVE-2022-48427: In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was possib
In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was possible
nvd
CVE-2023-38065P4MEDIUMCVSS 5.4fixed in 2023.05.12023-07-12
CVE-2023-38065 [MEDIUM] CWE-79 CVE-2023-38065: In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible
In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible
nvd
CVE-2023-38063P4MEDIUMCVSS 5.4fixed in 2023.05.12023-07-12
CVE-2023-38063 [MEDIUM] CWE-79 CVE-2023-38063: In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible
In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible
nvd
CVE-2023-38061P4MEDIUMCVSS 5.4fixed in 2023.05.12023-07-12
CVE-2023-38061 [MEDIUM] CWE-79 CVE-2023-38061: In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible
In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible
nvd
CVE-2021-25772P4MEDIUMCVSS 5.3fixed in 2020.2.22021-02-03
CVE-2021-25772 [MEDIUM] CVE-2021-25772: In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration.
In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration.
nvd
CVE-2024-56352P4MEDIUMCVSS 5.4fixed in 2024.122024-12-20
CVE-2024-56352 [MEDIUM] CWE-79 CVE-2024-56352: In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details pag
In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page
nvd
CVE-2024-56355P4MEDIUMCVSS 5.4fixed in 2024.122024-12-20
CVE-2024-56355 [MEDIUM] CWE-79 CVE-2024-56355: In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController respons
In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS
nvd
CVE-2025-52875P4MEDIUMCVSS 5.4fixed in 2025.03.32025-06-23
CVE-2025-52875 [MEDIUM] CWE-79 CVE-2025-52875: In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible
In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible
nvd
CVE-2021-3315P4MEDIUMCVSS 5.4fixed in 2020.2.22021-05-11
CVE-2021-3315 [MEDIUM] CWE-79 CVE-2021-3315: In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible.
In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible.
nvd
CVE-2021-31908P4MEDIUMCVSS 5.4fixed in 2020.2.32021-05-11
CVE-2021-31908 [MEDIUM] CWE-79 CVE-2021-31908: In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages.
In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages.
nvd