CPE Details
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:jetbrains:teamcity:2024.07.3:*:*:*:*:*:*:*
Informations
Vendor
jetbrainsProduct
teamcityVersion
2024.07.3Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page | 6.1 |
Medium |
||
| In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible | 5.4 |
Medium |
||
| In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible | 5.4 |
Medium |
||
| In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible | 5.4 |
Medium |
||
| In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab | 6.1 |
Medium |
||
| In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible | 9.8 |
Critical |
||
| In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs | 6.5 |
Medium |
||
| In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page | 7.5 |
High |
||
| In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page | 6.1 |
Medium |
||
| In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log | 6.5 |
Medium |
||
| In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources | 9.1 |
Critical |
||
| In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab | 6.1 |
Medium |
||
| In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool | 4.3 |
Medium |
||
| In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page | 6.1 |
Medium |
||
| In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack | 7.1 |
High |
||
| In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS | 5.4 |
Medium |
||
| In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission | 5.5 |
Medium |
||
| In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies | 6.5 |
Medium |
||
| In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page | 5.4 |
Medium |
||
| In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles | 8.8 |
High |
||
| In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects | 4.3 |
Medium |
||
| In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs | 5.3 |
Medium |
||
| In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents | 4.3 |
Medium |
