Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jetbrains teamcity vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-15848
JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user.
Jetbrains Teamcity 2019.1
Jetbrains Teamcity 2019.1.1
10
CVSSv2
CVE-2019-12157
In JetBrains UpSource versions prior to 2018.2 build 1293, there is credential disclosure via RPC commands.
Jetbrains Teamcity
Jetbrains Upsource 2018.2
Jetbrains Upsource
NA
CVE-2022-36322
In JetBrains TeamCity prior to 2022.04.2 build parameter injection was possible
Jetbrains Teamcity
3.5
CVSSv2
CVE-2021-3315
In JetBrains TeamCity prior to 2020.2.2, stored XSS on a tests page was possible.
Jetbrains Teamcity
NA
CVE-2022-46830
In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.
Jetbrains Teamcity
NA
CVE-2022-46831
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.
Jetbrains Teamcity
NA
CVE-2023-38061
In JetBrains TeamCity prior to 2023.05.1 stored XSS when using a custom theme was possible
Jetbrains Teamcity
NA
CVE-2023-38064
In JetBrains TeamCity prior to 2023.05.1 build chain parameters of the "password" type could be written to the agent log
Jetbrains Teamcity
5
CVSSv2
CVE-2022-24336
In JetBrains TeamCity prior to 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.
Jetbrains Teamcity
6.8
CVSSv2
CVE-2022-24342
In JetBrains TeamCity prior to 2021.2.1, URL injection leading to CSRF was possible.
Jetbrains Teamcity
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
malicious code
XML injection
CVE-2024-28020
CVE-2024-35252
CVE-2024-5833
CVE-2024-30066
injection
CVE-2024-23282
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »