Jetbrains: >> Teamcity >> 8.1.3 Security Vulnerabilities
In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible
CVSS Score
4.6
EPSS Score
0.001
Published
2023-07-12
In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log
CVSS Score
4.3
EPSS Score
0.0
Published
2023-07-12
In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible
CVSS Score
4.6
EPSS Score
0.001
Published
2023-07-12
In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads
CVSS Score
4.6
EPSS Score
0.0
Published
2023-07-12
In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log
CVSS Score
4.3
EPSS Score
0.0
Published
2023-07-12
JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.
CVSS Score
6.5
EPSS Score
0.0
Published
2023-06-29
In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible
CVSS Score
9.1
EPSS Score
0.0
Published
2023-05-31
In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API
CVSS Score
4.3
EPSS Score
0.0
Published
2023-05-31
In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible
CVSS Score
4.6
EPSS Score
0.077
Published
2023-05-31
In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible
CVSS Score
4.6
EPSS Score
0.001
Published
2023-05-31