Vulnerabilities (CVE)

  1. Yack CVE
  2. Vulnerabilities (CVE)
Filtered by vendor Jetbrains
Filtered by product Teamcity
Angry Yack Logo
Total 257 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-26309 1 Jetbrains 1 Teamcity 2024-11-21 2.1 LOW 3.3 LOW
Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had Insecure Permissions.
CVE-2021-25778 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly.
CVE-2021-25777 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly.
CVE-2021-25776 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 7.5 HIGH
In JetBrains TeamCity before 2020.2, an ECR token could be exposed in a build's parameters.
CVE-2021-25775 1 Jetbrains 1 Teamcity 2024-11-21 5.5 MEDIUM 3.8 LOW
In JetBrains TeamCity before 2020.2.1, the server admin could create and see access tokens for any other users.
CVE-2021-25774 1 Jetbrains 1 Teamcity 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user.
CVE-2021-25773 1 Jetbrains 1 Teamcity 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages.
CVE-2021-25772 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2020.2.2, TeamCity server DoS was possible via server integration.
CVE-2020-7911 1 Jetbrains 1 Teamcity 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS.
CVE-2020-7910 1 Jetbrains 1 Teamcity 2024-11-21 3.5 LOW 5.4 MEDIUM
JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.
CVE-2020-7909 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 7.5 HIGH
In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.
CVE-2020-7908 1 Jetbrains 1 Teamcity 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages.
CVE-2020-35667 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 7.5 HIGH
JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials.
CVE-2020-27629 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts.
CVE-2020-27628 1 Jetbrains 1 Teamcity 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records.
CVE-2020-27627 1 Jetbrains 1 Teamcity 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.
CVE-2020-15831 1 Jetbrains 1 Teamcity 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI.
CVE-2020-15830 1 Jetbrains 1 Teamcity 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI.
CVE-2020-15829 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs.
CVE-2020-15828 1 Jetbrains 1 Teamcity 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions.
CVE-2020-15826 1 Jetbrains 1 Teamcity 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have.
CVE-2020-15825 1 Jetbrains 1 Teamcity 2024-11-21 6.5 MEDIUM 8.8 HIGH
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.
CVE-2020-11938 1 Jetbrains 1 Teamcity 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project. The issue was resolved in 2019.2.2.
CVE-2020-11689 1 Jetbrains 1 Teamcity 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.
CVE-2020-11688 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 7.5 HIGH
In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session.
CVE-2020-11687 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 7.5 HIGH
In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages.
CVE-2020-11686 1 Jetbrains 1 Teamcity 2024-11-21 4.0 MEDIUM 2.7 LOW
In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings.
CVE-2019-18367 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.
CVE-2019-18366 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.
CVE-2019-18365 1 Jetbrains 1 Teamcity 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages.
CVE-2019-18364 1 Jetbrains 1 Teamcity 2024-11-21 7.5 HIGH 9.8 CRITICAL
In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution.
CVE-2019-18363 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances.
CVE-2019-15848 1 Jetbrains 1 Teamcity 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user.
CVE-2019-15042 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1.
CVE-2019-15039 1 Jetbrains 1 Teamcity 2024-11-21 6.8 MEDIUM 9.8 CRITICAL
An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.
CVE-2019-15038 1 Jetbrains 1 Teamcity 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1.
CVE-2019-15037 1 Jetbrains 1 Teamcity 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in JetBrains TeamCity 2018.2.4. It had several XSS vulnerabilities on the settings pages. The issues were fixed in TeamCity 2019.1.
CVE-2019-15036 1 Jetbrains 1 Teamcity 2024-11-21 9.0 HIGH 7.2 HIGH
An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1.
CVE-2019-15035 1 Jetbrains 1 Teamcity 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1.
CVE-2019-12846 1 Jetbrains 1 Teamcity 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2.