Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jetbrains teamcity vulnerabilities and exploits
(subscribe to this query)
384
VMScore
CVE-2019-15848
JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user.
Jetbrains Teamcity 2019.1
Jetbrains Teamcity 2019.1.1
890
VMScore
CVE-2019-12157
In JetBrains UpSource versions prior to 2018.2 build 1293, there is credential disclosure via RPC commands.
Jetbrains Teamcity
Jetbrains Upsource 2018.2
Jetbrains Upsource
NA
CVE-2022-36322
In JetBrains TeamCity prior to 2022.04.2 build parameter injection was possible
Jetbrains Teamcity
312
VMScore
CVE-2021-3315
In JetBrains TeamCity prior to 2020.2.2, stored XSS on a tests page was possible.
Jetbrains Teamcity
NA
CVE-2022-46830
In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.
Jetbrains Teamcity
NA
CVE-2022-46831
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.
Jetbrains Teamcity
NA
CVE-2023-38061
In JetBrains TeamCity prior to 2023.05.1 stored XSS when using a custom theme was possible
Jetbrains Teamcity
NA
CVE-2023-38064
In JetBrains TeamCity prior to 2023.05.1 build chain parameters of the "password" type could be written to the agent log
Jetbrains Teamcity
445
VMScore
CVE-2022-24336
In JetBrains TeamCity prior to 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.
Jetbrains Teamcity
605
VMScore
CVE-2022-24342
In JetBrains TeamCity prior to 2021.2.1, URL injection leading to CSRF was possible.
Jetbrains Teamcity
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »