JetBrains TeamCity
By the Year
In 2023 there have been 3 vulnerabilities in JetBrains TeamCity, with an average score of 7.3 out of ten. Last year TeamCity had 29 security vulnerabilities published. Right now, TeamCity is on track to have fewer security vulnerabilities in 2023 than it did last year. However, the average CVE base score of the vulnerabilities in 2023 is greater by 0.69.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 3 | 7.33 |
2022 | 29 | 6.64 |
2021 | 37 | 6.52 |
2020 | 18 | 5.84 |
2019 | 20 | 6.48 |
2018 | 0 | 0.00 |
It may take a day or so for new TeamCity vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent JetBrains TeamCity Security Vulnerabilities
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.
CVE-2022-48344
6.1 - Medium
- February 23, 2023
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.
XSS
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.
CVE-2022-48343
6.1 - Medium
- February 23, 2023
In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process.
XSS
In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.
CVE-2022-48342
9.8 - Critical
- February 23, 2023
In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.
Insecure Default Initialization of Resource
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain"
CVE-2022-46831
4.9 - Medium
- December 08, 2022
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.
Insecure Default Initialization of Resource
In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint
CVE-2022-46830
5.3 - Medium
- December 08, 2022
In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.
XSPA
In JetBrains TeamCity version before 2022.10
CVE-2022-44646
5.3 - Medium
- November 03, 2022
In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings
In JetBrains TeamCity version before 2022.10
CVE-2022-44624
7.5 - High
- November 03, 2022
In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters
Insertion of Sensitive Information into Log File
In JetBrains TeamCity version before 2022.10
CVE-2022-44623
7.5 - High
- November 03, 2022
In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings
In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive
CVE-2022-44622
5.3 - Medium
- November 03, 2022
In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive
In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable
CVE-2022-40979
5.3 - Medium
- September 23, 2022
In JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executable
Insertion of Sensitive Information into Log File
In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases
CVE-2022-38133
5.3 - Medium
- August 10, 2022
In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases
Insertion of Sensitive Information into Log File
In JetBrains TeamCity before 2022.04.2 build parameter injection was possible
CVE-2022-36322
8.8 - High
- July 20, 2022
In JetBrains TeamCity before 2022.04.2 build parameter injection was possible
Argument Injection
In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases
CVE-2022-36321
6.5 - Medium
- July 20, 2022
In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases
Insertion of Sensitive Information into Log File
In JetBrains TeamCity before 2022.04 potential XSS
CVE-2022-29929
6.1 - Medium
- May 12, 2022
In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible
XSS
In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible
CVE-2022-29928
4.9 - Medium
- May 12, 2022
In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible
Insertion of Sensitive Information into Log File
In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible
CVE-2022-29927
6.1 - Medium
- May 12, 2022
In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible
XSS
In JetBrains TeamCity before 2021.2.3
CVE-2022-25264
7.5 - High
- February 25, 2022
In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.
Insecure Storage of Sensitive Information
JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration.
CVE-2022-25263
9.8 - Critical
- February 25, 2022
JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration.
Shell injection
JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS.
CVE-2022-25261
6.1 - Medium
- February 25, 2022
JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS.
XSS
In JetBrains TeamCity before 2021.2.1
CVE-2022-24342
8.8 - High
- February 25, 2022
In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible.
Session Riding
In JetBrains TeamCity before 2021.2.1
CVE-2022-24341
7.5 - High
- February 25, 2022
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user.
Insufficient Session Expiration
In JetBrains TeamCity before 2021.2.1
CVE-2022-24340
9.8 - Critical
- February 25, 2022
In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.
XXE
JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.
CVE-2022-24339
5.4 - Medium
- February 25, 2022
JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.
XSS
JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.
CVE-2022-24338
6.1 - Medium
- February 25, 2022
JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.
XSS
In JetBrains TeamCity before 2021.2
CVE-2022-24337
6.5 - Medium
- February 25, 2022
In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.
Incorrect Default Permissions
In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds
CVE-2022-24336
5.3 - Medium
- February 25, 2022
In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.
Exposure of Resource to Wrong Sphere
JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration
CVE-2022-24335
8.1 - High
- February 25, 2022
JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC.
TOCTTOU
In JetBrains TeamCity before 2021.2.1, the Agent Push feature
CVE-2022-24334
5.3 - Medium
- February 25, 2022
In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server.
In JetBrains TeamCity before 2021.2.1
CVE-2022-24330
6.1 - Medium
- February 25, 2022
In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.
Open Redirect
In JetBrains TeamCity before 2021.2, blind SSRF
CVE-2022-24333
6.5 - Medium
- February 25, 2022
In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.
XSPA
In JetBrains TeamCity before 2021.2
CVE-2022-24332
5.3 - Medium
- February 25, 2022
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.
Insufficient Session Expiration
In JetBrains TeamCity before 2021.1.4
CVE-2022-24331
9.8 - Critical
- February 25, 2022
In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.
Authentication
In JetBrains TeamCity before 2021.1.3
CVE-2021-43202
9.8 - Critical
- November 30, 2021
In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.
In JetBrains TeamCity before 2021.1.3, a newly created project could take settings
CVE-2021-43201
5.3 - Medium
- November 09, 2021
In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project.
In JetBrains TeamCity before 2021.1.2
CVE-2021-43200
9.8 - Critical
- November 09, 2021
In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient.
In JetBrains TeamCity before 2021.1.2
CVE-2021-43199
5.3 - Medium
- November 09, 2021
In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient.
Incorrect Default Permissions
In JetBrains TeamCity before 2021.1.2
CVE-2021-43198
5.4 - Medium
- November 09, 2021
In JetBrains TeamCity before 2021.1.2, stored XSS is possible.
XSS
In JetBrains TeamCity before 2021.1.2
CVE-2021-43197
6.1 - Medium
- November 09, 2021
In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS.
XSS
In JetBrains TeamCity before 2021.1, information disclosure
CVE-2021-43196
7.5 - High
- November 09, 2021
In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible.
In JetBrains TeamCity before 2021.1.2
CVE-2021-43195
5.3 - Medium
- November 09, 2021
In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing.
In JetBrains TeamCity before 2021.1.2
CVE-2021-43194
5.3 - Medium
- November 09, 2021
In JetBrains TeamCity before 2021.1.2, user enumeration was possible.
In JetBrains TeamCity before 2021.1.2, remote code execution
CVE-2021-43193
9.8 - Critical
- November 09, 2021
In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.
In JetBrains TeamCity before 2021.1
CVE-2021-37548
7.5 - High
- August 06, 2021
In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS.
Cleartext Storage of Sensitive Information
In JetBrains TeamCity before 2020.2.4
CVE-2021-37547
5.3 - Medium
- August 06, 2021
In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made.
In JetBrains TeamCity before 2021.1
CVE-2021-37546
5.3 - Medium
- August 06, 2021
In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used.
Use of a Broken or Risky Cryptographic Algorithm
In JetBrains TeamCity before 2020.2.3
CVE-2021-37542
6.1 - Medium
- August 06, 2021
In JetBrains TeamCity before 2020.2.3, XSS was possible.
XSS
In JetBrains TeamCity before 2021.1.1
CVE-2021-37545
7.5 - High
- August 06, 2021
In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made.
Authentication
In JetBrains TeamCity before 2020.2.4
CVE-2021-37544
9.8 - Critical
- August 06, 2021
In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.
Marshaling, Unmarshaling
In JetBrains TeamCity before 2020.2.3
CVE-2021-31911
6.1 - Medium
- May 11, 2021
In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages.
XSS
In JetBrains TeamCity before 2020.2.4
CVE-2021-31915
9.8 - Critical
- May 11, 2021
In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible.
Shell injection
In JetBrains TeamCity before 2020.2.3
CVE-2021-31913
7.5 - High
- May 11, 2021
In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange.
Improper Validation of Integrity Check Value
In JetBrains TeamCity before 2020.2.3
CVE-2021-31912
8.8 - High
- May 11, 2021
In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset.
Weak Password Recovery Mechanism for Forgotten Password
In JetBrains TeamCity before 2020.2.3, information disclosure
CVE-2021-31910
7.5 - High
- May 11, 2021
In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible.
XSPA
In JetBrains TeamCity before 2020.2.2
CVE-2021-3315
5.4 - Medium
- May 11, 2021
In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible.
XSS
In JetBrains TeamCity before 2020.2.3
CVE-2021-31908
5.4 - Medium
- May 11, 2021
In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages.
XSS
In JetBrains TeamCity before 2020.2.3
CVE-2021-31909
9.8 - Critical
- May 11, 2021
In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible.
Argument Injection
In JetBrains TeamCity before 2020.2.2
CVE-2021-31907
5.3 - Medium
- May 11, 2021
In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly.
Incorrect Permission Assignment for Critical Resource
In JetBrains TeamCity before 2020.2.2
CVE-2021-31906
2.7 - Low
- May 11, 2021
In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file.
In JetBrains TeamCity before 2020.2.2
CVE-2021-31904
6.1 - Medium
- May 11, 2021
In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page.
XSS
In the TeamCity IntelliJ plugin before 2020.2.2.85899
CVE-2021-26310
7.5 - High
- May 11, 2021
In the TeamCity IntelliJ plugin before 2020.2.2.85899, DoS was possible.
Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible
CVE-2021-26309
3.3 - Low
- May 11, 2021
Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had Insecure Permissions.
Exposure of Resource to Wrong Sphere
JetBrains TeamCity Plugin before 2020.2.85695 SSRF
CVE-2020-35667
7.5 - High
- February 03, 2021
JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials.
XSPA
In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible
CVE-2021-25772
5.3 - Medium
- February 03, 2021
In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration.
JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages.
CVE-2021-25773
6.1 - Medium
- February 03, 2021
JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages.
XSS
In JetBrains TeamCity before 2020.2.1
CVE-2021-25774
4.3 - Medium
- February 03, 2021
In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user.
AuthZ
In JetBrains TeamCity before 2020.2.1
CVE-2021-25775
3.8 - Low
- February 03, 2021
In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users.
In JetBrains TeamCity before 2020.2
CVE-2021-25776
7.5 - High
- February 03, 2021
In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters.
Insecure Storage of Sensitive Information
In JetBrains TeamCity before 2020.2.1
CVE-2021-25777
5.3 - Medium
- February 03, 2021
In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly.
AuthZ
In JetBrains TeamCity before 2020.2.1
CVE-2021-25778
5.3 - Medium
- February 03, 2021
In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly.
JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.
CVE-2020-27627
6.1 - Medium
- November 16, 2020
JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.
Injection
In JetBrains TeamCity before 2020.1.5
CVE-2020-27628
4.3 - Medium
- November 16, 2020
In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records.
In JetBrains TeamCity before 2020.1.5
CVE-2020-27629
5.3 - Medium
- November 16, 2020
In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts.
In JetBrains TeamCity before 2020.1, users with the Modify Group permission
CVE-2020-15825
8.8 - High
- August 08, 2020
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.
Improper Privilege Management
In JetBrains TeamCity before 2020.1
CVE-2020-15826
4.3 - Medium
- August 08, 2020
In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have.
AuthZ
In JetBrains TeamCity before 2020.1.1, project parameter values
CVE-2020-15828
6.5 - Medium
- August 08, 2020
In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions.
Information Disclosure
In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed
CVE-2020-15829
5.3 - Medium
- August 08, 2020
In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs.
Information Disclosure
JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI.
CVE-2020-15830
6.1 - Medium
- August 08, 2020
JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI.
XSS
JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI.
CVE-2020-15831
6.1 - Medium
- August 08, 2020
JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI.
XSS
In JetBrains TeamCity before 2019.1.4
CVE-2020-11686
2.7 - Low
- April 22, 2020
In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings.
Information Disclosure
In JetBrains TeamCity before 2019.2.2
CVE-2020-11687
7.5 - High
- April 22, 2020
In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.
Information Disclosure
In JetBrains TeamCity before 2019.2.1
CVE-2020-11688
7.5 - High
- April 22, 2020
In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.
Insufficient Session Expiration
In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings
CVE-2020-11689
6.5 - Medium
- April 22, 2020
In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.
Incorrect Default Permissions
In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project
CVE-2020-11938
4.9 - Medium
- April 22, 2020
In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project. The issue was resolved in 2019.2.2.
Information Disclosure
In JetBrains TeamCity before 2019.1.5
CVE-2020-7908
4.3 - Medium
- January 30, 2020
In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages.
Insufficiently Protected Credentials
In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown
CVE-2020-7909
7.5 - High
- January 30, 2020
In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.
Insufficiently Protected Credentials
JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.
CVE-2020-7910
5.4 - Medium
- January 30, 2020
JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.
XSS
In JetBrains TeamCity before 2019.2
CVE-2020-7911
6.1 - Medium
- January 30, 2020
In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS.
XSS
In JetBrains TeamCity before 2019.1.4
CVE-2019-18365
4.3 - Medium
- October 31, 2019
In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages.
In JetBrains TeamCity before 2019.1.2
CVE-2019-18366
5.3 - Medium
- October 31, 2019
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.
Incorrect Default Permissions
In JetBrains TeamCity before 2019.1.2
CVE-2019-18367
5.3 - Medium
- October 31, 2019
In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.
Incorrect Default Permissions
In JetBrains TeamCity before 2019.1.2
CVE-2019-18363
5.3 - Medium
- October 31, 2019
In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances.
Information Disclosure
In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially
CVE-2019-18364
9.8 - Critical
- October 31, 2019
In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.
Marshaling, Unmarshaling
Server metadata could be exposed
CVE-2019-12156
5.3 - Medium
- October 02, 2019
Server metadata could be exposed because one of the error messages reflected the whole response back to the client in JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 build 1293.
Generation of Error Message Containing Sensitive Information
In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure
CVE-2019-12157
9.8 - Critical
- October 02, 2019
In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.
Improper Input Validation
An issue was discovered in JetBrains TeamCity 2018.2.4
CVE-2019-15036
7.2 - High
- October 02, 2019
An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1.
Shell injection
An issue was discovered in JetBrains TeamCity 2018.2.4
CVE-2019-15037
6.1 - Medium
- October 02, 2019
An issue was discovered in JetBrains TeamCity 2018.2.4. It had several XSS vulnerabilities on the settings pages. The issues were fixed in TeamCity 2019.1.
XSS
An issue was discovered in JetBrains TeamCity 2018.2.4
CVE-2019-15035
4.9 - Medium
- October 01, 2019
An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1.
Information Disclosure
An issue was discovered in JetBrains TeamCity 2018.2.4
CVE-2019-15042
7.5 - High
- October 01, 2019
An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1.
Improper Certificate Validation
An issue was discovered in JetBrains TeamCity 2018.2.4
CVE-2019-15038
7.5 - High
- October 01, 2019
An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1.
An issue was discovered in JetBrains TeamCity 2018.2.4
CVE-2019-15039
9.8 - Critical
- October 01, 2019
An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.
Directory traversal
