| CVE ID | Published | Description | Score (CVSS) | Severity |
|---|---|---|---|---|
| | 17h23 +00:00 | In JetBrains TeamCity before 2024.12.1 improper access control allowed viewing of Projects’ names in the agent pool | 4.3 | Medium |
| | 17h23 +00:00 | In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page | 6.1 | Medium |
| | 14h11 +00:00 | In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack | 7.1 | High |
| | 14h11 +00:00 | In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS | 5.4 | Medium |
| | 14h11 +00:00 | In JetBrains TeamCity before 2024.12 password field values were accessible to users with view settings permission | 5.5 | Medium |
| | 14h11 +00:00 | In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies | 6.5 | Medium |
| | 14h11 +00:00 | In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page | 5.4 | Medium |
| | 14h11 +00:00 | In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles | 8.8 | High |
| | 14h11 +00:00 | In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects | 4.3 | Medium |
| | 14h11 +00:00 | In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs | 5.3 | Medium |
| | 14h11 +00:00 | In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents | 4.3 | Medium |
| | 15h48 +00:00 | In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings | 5.4 | Medium |
| | 15h48 +00:00 | In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings | 5.4 | Medium |
| | 15h48 +00:00 | In JetBrains TeamCity before 2024.07.3 path traversal allowed writing a backup file to an arbitrary location | 7.5 | High |
| | 15h48 +00:00 | In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups | 7.5 | High |
| | 15h48 +00:00 | In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API | 6.5 | Medium |
| | 14h51 +00:00 | In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin | 5.4 | Medium |
| | 14h51 +00:00 | In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page | 6.1 | Medium |
| | 14h51 +00:00 | In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin | 5.4 | Medium |
| | 14h51 +00:00 | In JetBrains TeamCity before 2024.07.1 multiple stored XSS were possible on the Clouds page | 5.4 | Medium |
| | 12h48 +00:00 | In JetBrains TeamCity before 2024.07.1 privilege escalation was possible due to incorrect directory permissions | 7.8 | High |
| | 14h50 +00:00 | In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection | 7.5 | High |
| | 14h50 +00:00 | In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time | 6.5 | Medium |
| | 14h50 +00:00 | In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration | 9.8 | Critical |
| | 14h50 +00:00 | In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page | 4.8 | Medium |
| | 14h50 +00:00 | In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab | 5.4 | Medium |
| | 14h50 +00:00 | In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific cases | 6.5 | Medium |
| | 17h07 +00:00 | In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings | 5.3 | Medium |
| | 17h07 +00:00 | In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection | 5.3 | Medium |
| | 13h29 +00:00 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge cases | 9.8 | Critical |
| | 13h29 +00:00 | In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens | 7.5 | High |
| | 13h29 +00:00 | In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions | 8.1 | High |
| | 13h29 +00:00 | In JetBrains TeamCity before 2024.03.2 users could perform actions that should not be available to them based on their permissions | 8.1 | High |
| | 13h29 +00:00 | In JetBrains TeamCity before 2024.03.2 technical information regarding TeamCity server could be exposed | 5.3 | Medium |
| | 13h29 +00:00 | In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possible | 5.4 | Medium |
| | 13h29 +00:00 | In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible | 5.4 | Medium |
| | 13h29 +00:00 | In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible | 6.1 | Medium |
| | 13h29 +00:00 | In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possible | 5.4 | Medium |
| | 13h29 +00:00 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was possible | 5.4 | Medium |
| | 13h29 +00:00 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via issue tracker integration was possible | 5.4 | Medium |
| | 13h29 +00:00 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 reflected XSS via OAuth provider configuration was possible | 5.4 | Medium |
| | 13h29 +00:00 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via third-party reports was possible | 6.1 | Medium |
| | 13h28 +00:00 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via certain report grouping and filtering operations | 6.1 | Medium |
| | 13h28 +00:00 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a third-party agent could impersonate a cloud agent | 8.1 | High |
| | 13h28 +00:00 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible | 6.5 | Medium |
| | 13h28 +00:00 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several stored XSS in code inspection reports were possible | 5.4 | Medium |
| | 13h28 +00:00 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal allowing files to be read from the server was possible | 6.5 | Medium |
| | 10h32 +00:00 | In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible | 6.1 | Medium |
| | 10h32 +00:00 | In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token | 5.5 | Medium |
| | 15h07 +00:00 | In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools | 4.9 | Medium |
| | 15h07 +00:00 | In JetBrains TeamCity before 2024.03 XXE was possible in the Maven build steps detector | 8.1 | High |
| | 15h07 +00:00 | In JetBrains TeamCity before 2024.03 XSS was possible via Agent Distribution settings | 5.4 | Medium |
| | 15h07 +00:00 | In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration | 6.8 | Medium |
| | 15h07 +00:00 | In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter | 7.4 | High |
| | 15h07 +00:00 | In JetBrains TeamCity before 2024.03 open redirect was possible on the login page | 6.1 | Medium |
| | 15h07 +00:00 | In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled | 6.5 | Medium |
| | 13h56 +00:00 | In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process | 7.8 | High |
| | 16h52 +00:00 | In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly | 5.8 | Medium |
| | 17h21 +00:00 | In JetBrains TeamCity before 2023.11.4 path traversal allowing limited admin actions to be performed was possible | 7.3 | High |
| | 17h21 +00:00 | In JetBrains TeamCity before 2023.11.4 authentication bypass allowing admin actions to be performed was possible | 9.8 | Critical |
| | 09h21 +00:00 | In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible | 9.8 | Critical |
| | 09h21 +00:00 | In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives | 5.3 | Medium |
| | 09h21 +00:00 | In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation | 5.3 | Medium |
| | 09h21 +00:00 | In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible | 5.4 | Medium |
| | 09h21 +00:00 | In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missing | 5.3 | Medium |
| | 13h48 +00:00 | In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible | 8.8 | High |
| | 16h57 +00:00 | In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration | 5.4 | Medium |
| | 16h57 +00:00 | In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible | 9.8 | Critical |
| | 12h58 +00:00 | In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration | 6.1 | Medium |
| | 12h58 +00:00 | In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step | 6.1 | Medium |
| | 12h58 +00:00 | In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration | 5.4 | Medium |
| | 14h45 +00:00 | In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible | 6.1 | Medium |
| | 14h45 +00:00 | In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers | 7.5 | High |
| | 14h45 +00:00 | In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access | 8.8 | High |
| | 12h48 +00:00 | In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log | 6.5 | Medium |
| | 12h48 +00:00 | In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads | 6.1 | Medium |
| | 12h48 +00:00 | In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible | 5.4 | Medium |
| | 12h48 +00:00 | In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log | 6.5 | Medium |
| | 12h48 +00:00 | In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible | 5.4 | Medium |
| | 12h48 +00:00 | In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations | 6.5 | Medium |
| | 12h48 +00:00 | In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible | 5.4 | Medium |
| | 13h03 +00:00 | In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible | 5.4 | Medium |
| | 13h03 +00:00 | In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions | 6.5 | Medium |
| | 13h03 +00:00 | In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks | 7.5 | High |
| | 13h03 +00:00 | In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible | 6.1 | Medium |
| | 13h03 +00:00 | In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible | 5.4 | Medium |
| | 13h03 +00:00 | In JetBrains TeamCity before 2023.05 open redirect during OAuth configuration was possible | 4.8 | Medium |
| | 13h03 +00:00 | In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases | 5.3 | Medium |
| | 13h03 +00:00 | In JetBrains TeamCity before 2023.05 XSS via the Plugin Vendor URL was possible | 6.1 | Medium |
| | 13h03 +00:00 | In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible | 5.4 | Medium |
| | 13h03 +00:00 | In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible | 5.4 | Medium |
| | 13h03 +00:00 | In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API | 4.3 | Medium |
| | 13h03 +00:00 | In JetBrains TeamCity before 2023.05 bypass of permission checks allowing admin actions to be performed was possible | 9.8 | Critical |
| | 15h27 +00:00 | In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible | 5.4 | Medium |
| | 15h27 +00:00 | In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was possible | 5.4 | Medium |
| | 15h44 +00:00 | In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process. | 6.1 | Medium |
| | 15h44 +00:00 | In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the user creation process. | 6.1 | Medium |
| | 15h44 +00:00 | In JetBrains TeamCity before 2022.10.2 JVMTI was enabled by default on agents. | 9.8 | Critical |
| | 23h00 +00:00 | In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings | 7.5 | High |
| | 23h00 +00:00 | In JetBrains TeamCity version before 2022.10, password parameters could be exposed in the build log if they contained special characters | 7.5 | High |
| | 23h00 +00:00 | In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings | 5.3 | Medium |
| | 08h50 +00:00 | In JetBrains TeamCity before 2022.04.4 environment variables of "password" type could be logged when using custom Perforce executable | 5.3 | Medium |
| | 13h25 +00:00 | In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases | 5.3 | Medium |
| | 10h30 +00:00 | In JetBrains TeamCity before 2022.04.2 build parameter injection was possible | 8.8 | High |
| | 10h30 +00:00 | In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases | 6.5 | Medium |
| | 06h35 +00:00 | In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible | 6.1 | Medium |
| | 06h35 +00:00 | In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible | 4.9 | Medium |
| | 06h35 +00:00 | In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible | 6.1 | Medium |
| | 18h59 +00:00 | JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS. | 6.1 | Medium |
| | 18h59 +00:00 | JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration. | 9.8 | Critical |
| | 18h59 +00:00 | In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases. | 7.5 | High |
| | 13h35 +00:00 | In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible. | 8.8 | High |
| | 13h35 +00:00 | In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user. | 7.5 | High |
| | 13h35 +00:00 | In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible. | 9.8 | Critical |
| | 13h35 +00:00 | JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS. | 5.4 | Medium |
| | 13h35 +00:00 | JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS. | 6.1 | Medium |
| | 13h35 +00:00 | In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions. | 6.5 | Medium |
| | 13h35 +00:00 | In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server. | 5.3 | Medium |
| | 13h35 +00:00 | JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC. | 8.1 | High |
| | 13h35 +00:00 | In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server. | 5.3 | Medium |
| | 13h35 +00:00 | In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible. | 6.5 | Medium |
| | 13h35 +00:00 | In JetBrains TeamCity before 2021.2, a logout action didn't remove a Remember Me cookie. | 5.3 | Medium |
| | 13h35 +00:00 | In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. | 9.8 | Critical |
| | 13h35 +00:00 | In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible. | 6.1 | Medium |
| | 14h21 +00:00 | In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases. | 9.8 | Critical |
| | 13h50 +00:00 | In JetBrains TeamCity before 2021.1.2, user enumeration was possible. | 5.3 | Medium |
| | 13h49 +00:00 | In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible. | 9.8 | Critical |
| | 13h49 +00:00 | In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible. | 7.5 | High |
| | 13h47 +00:00 | In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing. | 5.3 | Medium |
| | 13h47 +00:00 | In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS. | 6.1 | Medium |
| | 13h46 +00:00 | In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient. | 5.3 | Medium |
| | 13h44 +00:00 | In JetBrains TeamCity before 2021.1.2, stored XSS is possible. | 5.4 | Medium |
| | 13h43 +00:00 | In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient. | 9.8 | Critical |
| | 13h41 +00:00 | In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project. | 5.3 | Medium |
| | 11h26 +00:00 | In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS. | 7.5 | High |
| | 11h25 +00:00 | In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made. | 5.3 | Medium |
| | 11h24 +00:00 | In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties was used. | 5.3 | Medium |
| | 11h24 +00:00 | In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made. | 7.5 | High |
| | 11h23 +00:00 | In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization. | 9.8 | Critical |
| | 11h22 +00:00 | In JetBrains TeamCity before 2020.2.3, XSS was possible. | 6.1 | Medium |
| | 10h12 +00:00 | In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible. | 9.8 | Critical |
| | 10h11 +00:00 | In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible. | 9.8 | Critical |
| | 10h09 +00:00 | In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange. | 7.5 | High |
| | 10h05 +00:00 | In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset. | 8.8 | High |
| | 10h04 +00:00 | In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages. | 6.1 | Medium |
| | 10h02 +00:00 | In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible. | 7.5 | High |
| | 10h00 +00:00 | In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages. | 5.4 | Medium |
| | 09h59 +00:00 | In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible. | 9.8 | Critical |
| | 14h51 +00:00 | JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials. | 7.5 | High |