Total
217 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-36373 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | N/A | 4.6 MEDIUM |
| In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible | |||||
| CVE-2024-36372 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | N/A | 4.6 MEDIUM |
| In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible | |||||
| CVE-2024-56348 | 1 Jetbrains | 1 Teamcity | 2025-01-02 | N/A | 4.3 MEDIUM |
| In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents | |||||
| CVE-2024-56349 | 1 Jetbrains | 1 Teamcity | 2025-01-02 | N/A | 5.3 MEDIUM |
| In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs | |||||
| CVE-2024-56350 | 1 Jetbrains | 1 Teamcity | 2025-01-02 | N/A | 4.3 MEDIUM |
| In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects | |||||
| CVE-2024-56351 | 1 Jetbrains | 1 Teamcity | 2025-01-02 | N/A | 6.3 MEDIUM |
| In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles | |||||
| CVE-2024-56352 | 1 Jetbrains | 1 Teamcity | 2025-01-02 | N/A | 4.6 MEDIUM |
| In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page | |||||
| CVE-2024-56353 | 1 Jetbrains | 1 Teamcity | 2025-01-02 | N/A | 5.5 MEDIUM |
| In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies | |||||
| CVE-2024-56354 | 1 Jetbrains | 1 Teamcity | 2025-01-02 | N/A | 5.5 MEDIUM |
| In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission | |||||
| CVE-2024-56355 | 1 Jetbrains | 1 Teamcity | 2025-01-02 | N/A | 4.6 MEDIUM |
| In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS | |||||
| CVE-2024-56356 | 1 Jetbrains | 1 Teamcity | 2025-01-02 | N/A | 5.9 MEDIUM |
| In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack | |||||
| CVE-2024-31140 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | N/A | 4.1 MEDIUM |
| In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools | |||||
| CVE-2024-31139 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | N/A | 5.9 MEDIUM |
| In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector | |||||
| CVE-2024-31136 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | N/A | 7.4 HIGH |
| In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter | |||||
| CVE-2024-31134 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | N/A | 6.5 MEDIUM |
| In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled | |||||
| CVE-2024-36366 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | N/A | 5.4 MEDIUM |
| In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via certain report grouping and filtering operations | |||||
| CVE-2024-36365 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | N/A | 6.8 MEDIUM |
| In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a third-party agent could impersonate a cloud agent | |||||
| CVE-2024-35301 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | N/A | 5.5 MEDIUM |
| In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token | |||||
| CVE-2024-35300 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | N/A | 3.5 LOW |
| In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possible | |||||
| CVE-2024-36370 | 1 Jetbrains | 1 Teamcity | 2024-12-16 | N/A | 4.6 MEDIUM |
| In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was possible | |||||