cbcvebase.

Jetbrains Teamcity vulnerabilities

269 known vulnerabilities affecting jetbrains/teamcity.

Total CVEs
269
CISA KEV
3
actively exploited
Public exploits
5
Exploited in wild
4
Severity breakdown
CRITICAL24HIGH54MEDIUM182LOW9

Vulnerabilities

Page 9 of 14
CVE-2024-24937P4MEDIUMCVSS 5.4fixed in 2023.11.22024-02-06
CVE-2024-24937 [MEDIUM] CWE-79 CVE-2024-24937: In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible
nvd
CVE-2023-41248P4MEDIUMCVSS 5.4fixed in 2023.05.32023-08-25
CVE-2023-41248 [MEDIUM] CWE-79 CVE-2023-41248: In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration
nvd
CVE-2024-36363P4MEDIUMCVSS 5.4fixed in 2022.04.7≥ 2022.10, < 2022.10.6+3 more2024-05-29
CVE-2024-36363 [MEDIUM] CWE-79 CVE-2024-36363: In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several Stored XSS in code i In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several Stored XSS in code inspection reports were possible
nvd
CVE-2024-36373P4MEDIUMCVSS 5.4fixed in 2024.03.22024-05-29
CVE-2024-36373 [MEDIUM] CWE-79 CVE-2024-36373: In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible
nvd
CVE-2024-36369P4MEDIUMCVSS 5.4fixed in 2022.04.7≥ 2022.10, < 2022.10.6+3 more2024-05-29
CVE-2024-36369 [MEDIUM] CWE-79 CVE-2024-36369: In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via issue tracker In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via issue tracker integration was possible
nvd
CVE-2022-46830P4MEDIUMCVSS 5.3≥ 2022.10, ≤ 2022.10.1≥ 2022.10, < 2022.10.12022-12-08
CVE-2022-46830 [MEDIUM] CWE-918 CVE-2022-46830: In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scan In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.
nvd
CVE-2024-36375P4MEDIUMCVSS 5.3fixed in 2024.03.22024-05-29
CVE-2024-36375 [MEDIUM] CWE-209 CVE-2024-36375: In JetBrains TeamCity before 2024.03.2 technical information regarding TeamCity server could be expo In JetBrains TeamCity before 2024.03.2 technical information regarding TeamCity server could be exposed
nvd
CVE-2024-39878P4MEDIUMCVSS 5.3fixed in 2024.03.32024-07-01
CVE-2024-39878 [MEDIUM] CWE-522 CVE-2024-39878: In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connectio In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection
nvd
CVE-2019-12844P4MEDIUMCVSS 6.1fixed in 2018.2.32019-07-03
CVE-2019-12844 [MEDIUM] CWE-94 CVE-2019-12844: A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. The issu A possible stored JavaScript injection was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.3.
nvd
CVE-2020-15830P4MEDIUMCVSS 6.1fixed in 2019.2.32020-08-08
CVE-2020-15830 [MEDIUM] CWE-79 CVE-2020-15830: JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI. JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI.
nvd
CVE-2024-36366P4MEDIUMCVSS 6.1fixed in 2022.04.7≥ 2022.10, < 2022.10.6+3 more2024-05-29
CVE-2024-36366 [MEDIUM] CWE-79 CVE-2024-36366: In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via certain report grouping and filtering operations
nvd
CVE-2024-36367P4MEDIUMCVSS 6.1fixed in 2022.04.7≥ 2022.10, < 2022.10.6+3 more2024-05-29
CVE-2024-36367 [MEDIUM] CWE-79 CVE-2024-36367: In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via third-party r In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via third-party reports was possible
nvd
CVE-2025-68268P4MEDIUMCVSS 6.1fixed in 2025.11.12025-12-16
CVE-2025-68268 [MEDIUM] CWE-79 CVE-2025-68268: In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page
nvd
CVE-2020-15829P4MEDIUMCVSS 5.3fixed in 2019.2.32020-08-08
CVE-2020-15829 [MEDIUM] CWE-532 CVE-2020-15829: In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs. In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs.
nvd
CVE-2021-43194P4MEDIUMCVSS 5.3fixed in 2021.1.22021-11-09
CVE-2021-43194 [MEDIUM] CVE-2021-43194: In JetBrains TeamCity before 2021.1.2, user enumeration was possible. In JetBrains TeamCity before 2021.1.2, user enumeration was possible.
nvd
CVE-2021-37547P4MEDIUMCVSS 5.3fixed in 2020.2.42021-08-06
CVE-2021-37547 [MEDIUM] CVE-2021-37547: In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made. In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made.
nvd
CVE-2021-43198P4MEDIUMCVSS 5.4fixed in 2021.1.22021-11-09
CVE-2021-43198 [MEDIUM] CWE-79 CVE-2021-43198: In JetBrains TeamCity before 2021.1.2, stored XSS is possible. In JetBrains TeamCity before 2021.1.2, stored XSS is possible.
nvd
CVE-2022-24339P4MEDIUMCVSS 5.4fixed in 2021.2.12022-02-25
CVE-2022-24339 [MEDIUM] CWE-79 CVE-2022-24339: JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS. JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.
nvd
CVE-2021-43195P4MEDIUMCVSS 5.3fixed in 2021.1.22021-11-09
CVE-2021-43195 [MEDIUM] CVE-2021-43195: In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing. In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing.
nvd
CVE-2021-43199P4MEDIUMCVSS 5.3fixed in 2021.1.2.2021-11-09
CVE-2021-43199 [MEDIUM] CWE-276 CVE-2021-43199: In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insuf In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient.
nvd
Jetbrains Teamcity vulnerabilities | cvebase