Vulnerabilities (CVE)

  1. Yack CVE
  2. Vulnerabilities (CVE)
Filtered by vendor Jetbrains
Filtered by product Teamcity
Angry Yack Logo
Total 257 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-24340 1 Jetbrains 1 Teamcity 2024-11-21 7.5 HIGH 9.8 CRITICAL
In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.
CVE-2022-24339 1 Jetbrains 1 Teamcity 2024-11-21 3.5 LOW 5.4 MEDIUM
JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.
CVE-2022-24338 1 Jetbrains 1 Teamcity 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.
CVE-2022-24337 1 Jetbrains 1 Teamcity 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions.
CVE-2022-24336 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.
CVE-2022-24335 1 Jetbrains 1 Teamcity 2024-11-21 6.8 MEDIUM 8.1 HIGH
JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC.
CVE-2022-24334 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server.
CVE-2022-24333 1 Jetbrains 1 Teamcity 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible.
CVE-2022-24332 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie.
CVE-2022-24331 1 Jetbrains 1 Teamcity 2024-11-21 7.5 HIGH 9.8 CRITICAL
In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.
CVE-2022-24330 1 Jetbrains 1 Teamcity 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.
CVE-2021-43202 1 Jetbrains 1 Teamcity 2024-11-21 7.5 HIGH 9.8 CRITICAL
In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.
CVE-2021-43201 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project.
CVE-2021-43200 1 Jetbrains 1 Teamcity 2024-11-21 7.5 HIGH 9.8 CRITICAL
In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient.
CVE-2021-43199 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient.
CVE-2021-43198 1 Jetbrains 1 Teamcity 2024-11-21 3.5 LOW 5.4 MEDIUM
In JetBrains TeamCity before 2021.1.2, stored XSS is possible.
CVE-2021-43197 1 Jetbrains 1 Teamcity 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS.
CVE-2021-43196 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 7.5 HIGH
In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible.
CVE-2021-43195 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing.
CVE-2021-43194 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2021.1.2, user enumeration was possible.
CVE-2021-43193 1 Jetbrains 1 Teamcity 2024-11-21 7.5 HIGH 9.8 CRITICAL
In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.
CVE-2021-3315 1 Jetbrains 1 Teamcity 2024-11-21 3.5 LOW 5.4 MEDIUM
In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible.
CVE-2021-37548 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 7.5 HIGH
In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS.
CVE-2021-37547 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made.
CVE-2021-37546 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used.
CVE-2021-37545 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 7.5 HIGH
In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made.
CVE-2021-37544 1 Jetbrains 1 Teamcity 2024-11-21 7.5 HIGH 9.8 CRITICAL
In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.
CVE-2021-37542 1 Jetbrains 1 Teamcity 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
In JetBrains TeamCity before 2020.2.3, XSS was possible.
CVE-2021-31915 1 Jetbrains 1 Teamcity 2024-11-21 7.5 HIGH 9.8 CRITICAL
In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible.
CVE-2021-31914 2 Jetbrains, Microsoft 2 Teamcity, Windows 2024-11-21 7.5 HIGH 9.8 CRITICAL
In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible.
CVE-2021-31913 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 7.5 HIGH
In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange.
CVE-2021-31912 1 Jetbrains 1 Teamcity 2024-11-21 6.8 MEDIUM 8.8 HIGH
In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset.
CVE-2021-31911 1 Jetbrains 1 Teamcity 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages.
CVE-2021-31910 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 7.5 HIGH
In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible.
CVE-2021-31909 1 Jetbrains 1 Teamcity 2024-11-21 7.5 HIGH 9.8 CRITICAL
In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible.
CVE-2021-31908 1 Jetbrains 1 Teamcity 2024-11-21 3.5 LOW 5.4 MEDIUM
In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages.
CVE-2021-31907 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly.
CVE-2021-31906 1 Jetbrains 1 Teamcity 2024-11-21 4.0 MEDIUM 2.7 LOW
In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file.
CVE-2021-31904 1 Jetbrains 1 Teamcity 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page.
CVE-2021-26310 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 7.5 HIGH
In the TeamCity IntelliJ plugin before 2020.2.2.85899, DoS was possible.