Jetbrains: >> Teamcity >> 8.1.1 Security Vulnerabilities
In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API
CVSS Score
4.3
EPSS Score
0.0
Published
2023-05-31
In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible
CVSS Score
4.6
EPSS Score
0.058
Published
2023-05-31
In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible
CVSS Score
4.6
EPSS Score
0.001
Published
2023-05-31
In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible
CVSS Score
4.6
EPSS Score
0.001
Published
2023-05-31
In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases
CVSS Score
4.3
EPSS Score
0.0
Published
2023-05-31
In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible
CVSS Score
4.8
EPSS Score
0.0
Published
2023-05-31
In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible
CVSS Score
4.6
EPSS Score
0.077
Published
2023-05-31
In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible
CVSS Score
4.6
EPSS Score
0.001
Published
2023-05-31
In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks
CVSS Score
5.3
EPSS Score
0.0
Published
2023-05-31
In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions
CVSS Score
5.3
EPSS Score
0.0
Published
2023-05-31