JetBrains TeamCity 2024.07

CPE Details

JetBrains TeamCity 2024.07
jetbrains
teamcity
2024.07
2024-12-16
18h13 +00:00
2024-12-16
18h13 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:jetbrains:teamcity:2024.07:*:*:*:*:*:*:*

Informations

Vendor

jetbrains

Product

teamcity

Version

2024.07

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2025-52879 2025-06-23 14h13 +00:00 In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible
4.8
Moyen
CVE-2025-52878 2025-06-23 14h13 +00:00 In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions
4.3
Moyen
CVE-2025-52877 2025-06-23 14h13 +00:00 In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible
4.8
Moyen
CVE-2025-52876 2025-06-23 14h13 +00:00 In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible
5.4
Moyen
CVE-2025-52875 2025-06-23 14h13 +00:00 In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible
5.4
Moyen
CVE-2025-47854 2025-05-20 17h37 +00:00 In JetBrains TeamCity before 2025.03.2 open redirect was possible on editing VCS Root page
6.1
Moyen
CVE-2025-47853 2025-05-20 17h37 +00:00 In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible
5.4
Moyen
CVE-2025-47852 2025-05-20 17h37 +00:00 In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible
5.4
Moyen
CVE-2025-47851 2025-05-20 17h37 +00:00 In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible
5.4
Moyen
CVE-2025-46618 2025-04-25 14h32 +00:00 In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab
6.1
Moyen
CVE-2025-46433 2025-04-25 14h32 +00:00 In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible
9.8
Critique
CVE-2025-46432 2025-04-25 14h32 +00:00 In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs
6.5
Moyen
CVE-2025-31141 2025-03-27 11h24 +00:00 In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page
7.5
Haute
CVE-2025-31140 2025-03-27 11h24 +00:00 In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page
6.1
Moyen
CVE-2025-31139 2025-03-27 11h24 +00:00 In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log
6.5
Moyen
CVE-2025-26492 2025-02-11 13h56 +00:00 In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources
9.1
Critique
CVE-2025-26493 2025-02-11 13h56 +00:00 In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab
6.1
Moyen
CVE-2025-24460 2025-01-21 17h23 +00:00 In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool
4.3
Moyen
CVE-2025-24459 2025-01-21 17h23 +00:00 In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page
6.1
Moyen
CVE-2024-56356 2024-12-20 14h11 +00:00 In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack
7.1
Haute
CVE-2024-56355 2024-12-20 14h11 +00:00 In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS
5.4
Moyen
CVE-2024-56354 2024-12-20 14h11 +00:00 In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission
5.5
Moyen
CVE-2024-56353 2024-12-20 14h11 +00:00 In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies
6.5
Moyen
CVE-2024-56352 2024-12-20 14h11 +00:00 In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page
5.4
Moyen
CVE-2024-56351 2024-12-20 14h11 +00:00 In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles
8.8
Haute
CVE-2024-56350 2024-12-20 14h11 +00:00 In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects
4.3
Moyen
CVE-2024-56349 2024-12-20 14h11 +00:00 In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs
5.3
Moyen
CVE-2024-56348 2024-12-20 14h11 +00:00 In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents
4.3
Moyen
CVE-2024-47951 2024-10-08 15h48 +00:00 In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings
5.4
Moyen
CVE-2024-47950 2024-10-08 15h48 +00:00 In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings
5.4
Moyen
CVE-2024-47949 2024-10-08 15h48 +00:00 In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location
7.5
Haute
CVE-2024-47948 2024-10-08 15h48 +00:00 In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups
7.5
Haute
CVE-2024-47161 2024-10-08 15h48 +00:00 In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API
6.5
Moyen
CVE-2024-43810 2024-08-16 14h51 +00:00 In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin
5.4
Moyen
CVE-2024-43809 2024-08-16 14h51 +00:00 In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page
6.1
Moyen
CVE-2024-43808 2024-08-16 14h51 +00:00 In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin
5.4
Moyen
CVE-2024-43807 2024-08-16 14h51 +00:00 In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page
5.4
Moyen
CVE-2024-43114 2024-08-06 12h48 +00:00 In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions
7.8
Haute
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.