CPE Details
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:jetbrains:teamcity:2024.03.2:*:*:*:*:*:*:*
Informations
Vendor
jetbrainsProduct
teamcityVersion
2024.03.2Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
17h23 +00:00 |
In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool | 4.3 |
Medium |
|
17h23 +00:00 |
In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page | 6.1 |
Medium |
|
14h11 +00:00 |
In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack | 7.1 |
High |
|
14h11 +00:00 |
In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS | 5.4 |
Medium |
|
14h11 +00:00 |
In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission | 5.5 |
Medium |
|
14h11 +00:00 |
In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies | 6.5 |
Medium |
|
14h11 +00:00 |
In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page | 5.4 |
Medium |
|
14h11 +00:00 |
In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles | 8.8 |
High |
|
14h11 +00:00 |
In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects | 4.3 |
Medium |
|
14h11 +00:00 |
In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs | 5.3 |
Medium |
|
14h11 +00:00 |
In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents | 4.3 |
Medium |
|
15h48 +00:00 |
In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings | 5.4 |
Medium |
|
15h48 +00:00 |
In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings | 5.4 |
Medium |
|
15h48 +00:00 |
In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location | 7.5 |
High |
|
15h48 +00:00 |
In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups | 7.5 |
High |
|
15h48 +00:00 |
In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API | 6.5 |
Medium |
|
14h51 +00:00 |
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin | 5.4 |
Medium |
|
14h51 +00:00 |
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page | 6.1 |
Medium |
|
14h51 +00:00 |
In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin | 5.4 |
Medium |
|
14h51 +00:00 |
In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page | 5.4 |
Medium |
|
12h48 +00:00 |
In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions | 7.8 |
High |
|
14h50 +00:00 |
In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection | 7.5 |
High |
|
14h50 +00:00 |
In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time | 6.5 |
Medium |
|
14h50 +00:00 |
In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration | 9.8 |
Critical |
|
14h50 +00:00 |
In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page | 4.8 |
Medium |
|
14h50 +00:00 |
In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab | 5.4 |
Medium |
|
14h50 +00:00 |
In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific cases | 6.5 |
Medium |
|
17h07 +00:00 |
In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings | 5.3 |
Medium |
|
17h07 +00:00 |
In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection | 5.3 |
Medium |
2025©
tesweb SA
