Jetbrains: >> Teamcity Security Vulnerabilities
In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log
CVSS Score
4.3
EPSS Score
0.0
Published
2023-07-12
JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.
CVSS Score
6.5
EPSS Score
0.0
Published
2023-06-29
In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible
CVSS Score
9.1
EPSS Score
0.0
Published
2023-05-31
In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API
CVSS Score
4.3
EPSS Score
0.0
Published
2023-05-31
In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible
CVSS Score
4.6
EPSS Score
0.058
Published
2023-05-31
In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible
CVSS Score
4.6
EPSS Score
0.001
Published
2023-05-31
In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible
CVSS Score
4.6
EPSS Score
0.001
Published
2023-05-31
In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases
CVSS Score
4.3
EPSS Score
0.0
Published
2023-05-31
In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible
CVSS Score
4.8
EPSS Score
0.0
Published
2023-05-31
In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible
CVSS Score
4.6
EPSS Score
0.077
Published
2023-05-31