Latest jetbrains teamcity Vulnerabilities

CVE-2024-31138
In JetBrains TeamCity before 2024.03 xSS was possible via Agent Distribution settings
Jetbrains Teamcity<2024.03
CVE-2024-31137
In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration
Jetbrains Teamcity<2024.03
CVE-2024-31135
In JetBrains TeamCity before 2024.03 open redirect was possible on the login page
Jetbrains Teamcity<2024.03
CVE-2024-27198
JetBrains TeamCity Authentication Bypass Vulnerability
Jetbrains Teamcity<2023.11.4
Jetbrains Teamcity
CVE-2023-40057
SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution
SolarWinds Access Rights Manager=2023.2.3
Jetbrains Teamcity
SonicWall firewall
Perforce Helix Core Server
and 1 more
CVE-2024-23477
SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability
SolarWinds Access Rights Manager=2023.2.3
Jetbrains Teamcity
SonicWall firewall
Perforce Helix Core Server
and 1 more
CVE-2024-23476
SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability
SolarWinds Access Rights Manager=2023.2.3
Jetbrains Teamcity
SonicWall firewall
Perforce Helix Core Server
and 1 more
CVE-2024-23478
SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution
SolarWinds Access Rights Manager=2023.2.3
Jetbrains Teamcity
SonicWall firewall
Perforce Helix Core Server
and 1 more
CVE-2024-23479
SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability
SolarWinds Access Rights Manager=2023.2.3
Jetbrains Teamcity
SonicWall firewall
Perforce Helix Core Server
and 1 more
CVE-2024-23917
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible
Jetbrains Teamcity=2017.1
Jetbrains Teamcity=2017.2
Jetbrains Teamcity=2018.1
Jetbrains Teamcity=2018.2
Jetbrains Teamcity=2019.1
Jetbrains Teamcity=2019.2
and 18 more
CVE-2024-24942
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives
Jetbrains Teamcity<2023.11.3
CVE-2024-24938
In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation
Jetbrains Teamcity<2023.11.2
CVE-2024-24937
In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible
Jetbrains Teamcity<2023.11.2
CVE-2024-24936
In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed
Jetbrains Teamcity<2023.11.2
CVE-2023-50870
In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible
Jetbrains Teamcity<2023.11.1
CVE-2023-42793
JetBrains TeamCity Authentication Bypass Vulnerability
Jetbrains Teamcity<2023.05.4
Jetbrains Teamcity
Jetbrains Teamcity=2017.1
Jetbrains Teamcity=2017.2
Jetbrains Teamcity=2018.1
Jetbrains Teamcity=2018.2
and 19 more
CVE-2023-43566
In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration
Jetbrains Teamcity<2023.05.4
CVE-2023-41248
In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration
Jetbrains Teamcity<2023.05.3
CVE-2023-41249
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step
Jetbrains Teamcity<2023.05.3
CVE-2023-41250
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration
Jetbrains Teamcity<2023.05.3
CVE-2023-39175
In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible
Jetbrains Teamcity<2023.05.2
CVE-2023-39174
In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers
Jetbrains Teamcity<2023.05.2
CVE-2023-39173
In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access
Jetbrains Teamcity<2023.05.2
CVE-2023-38066
In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads
Jetbrains Teamcity<2023.05.1
CVE-2023-38064
In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log
Jetbrains Teamcity<2023.05.1
CVE-2023-38065
In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible
Jetbrains Teamcity<2023.05.1
CVE-2023-38062
In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations
Jetbrains Teamcity<2023.05.1
CVE-2023-38061
In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible
Jetbrains Teamcity<2023.05.1
CVE-2023-38067
In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log
Jetbrains Teamcity<2023.05.1
CVE-2023-38063
In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible
Jetbrains Teamcity<2023.05.1
CVE-2015-1313
Jetbrains Teamcity>=8.0<9.0.2
CVE-2023-34226
In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible
Jetbrains Teamcity<2023.05
CVE-2023-34222
In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible
Jetbrains Teamcity<2023.05
CVE-2023-34225
In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible
Jetbrains Teamcity<2023.05
CVE-2023-34223
In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases
Jetbrains Teamcity<2023.05
CVE-2023-34228
In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions
Jetbrains Teamcity<2023.05
CVE-2023-34221
In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible
Jetbrains Teamcity<2023.05
CVE-2023-34220
In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible
Jetbrains Teamcity<2023.05
CVE-2023-34224
In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible
Jetbrains Teamcity<2023.05
CVE-2023-34219
In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API
Jetbrains Teamcity<2023.05
CVE-2023-34229
In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible
Jetbrains Teamcity<2023.05
CVE-2023-34227
In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks
Jetbrains Teamcity<2023.05
CVE-2023-34218
In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible
Jetbrains Teamcity<2023.05
CVE-2022-48428
In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible
Jetbrains Teamcity<2022.10.3
CVE-2022-48427
In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was possible
Jetbrains Teamcity<2022.10.3
CVE-2022-48426
In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible
Jetbrains Teamcity=2022.10.3
CVE-2022-48344
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.
Jetbrains Teamcity<2022.10.2
CVE-2022-48343
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.
Jetbrains Teamcity<2022.10.2
CVE-2022-48342
In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.
Jetbrains Teamcity<2022.10.2
CVE-2022-46831
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to ...
Jetbrains Teamcity>=2022.10<=2022.10.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203