Jetbrains: >> Teamcity >> 8.1.1 Security Vulnerabilities
In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible
CVSS Score
4.6
EPSS Score
0.255
Published
2023-07-25
In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible
CVSS Score
4.6
EPSS Score
0.504
Published
2023-07-12
In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations
CVSS Score
4.3
EPSS Score
0.0
Published
2023-07-12
In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible
CVSS Score
4.6
EPSS Score
0.504
Published
2023-07-12
In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log
CVSS Score
4.3
EPSS Score
0.0
Published
2023-07-12
In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible
CVSS Score
4.6
EPSS Score
0.504
Published
2023-07-12
In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads
CVSS Score
4.6
EPSS Score
0.255
Published
2023-07-12
In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log
CVSS Score
4.3
EPSS Score
0.0
Published
2023-07-12
JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.
CVSS Score
6.5
EPSS Score
0.0
Published
2023-06-29
In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible
CVSS Score
9.1
EPSS Score
0.0
Published
2023-05-31