Jetbrains: >> Teamcity >> 8.1.1 Security Vulnerabilities
In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible
CVSS Score
9.1
EPSS Score
0.0
Published
2023-05-31
In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API
CVSS Score
4.3
EPSS Score
0.0
Published
2023-05-31
In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible
CVSS Score
4.6
EPSS Score
0.042
Published
2023-05-31
In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible
CVSS Score
4.6
EPSS Score
0.0
Published
2023-05-31
In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible
CVSS Score
4.6
EPSS Score
0.0
Published
2023-05-31
In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases
CVSS Score
4.3
EPSS Score
0.0
Published
2023-05-31
In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible
CVSS Score
4.8
EPSS Score
0.0
Published
2023-05-31
In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible
CVSS Score
4.6
EPSS Score
0.032
Published
2023-05-31
In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible
CVSS Score
4.6
EPSS Score
0.0
Published
2023-05-31
In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks
CVSS Score
5.3
EPSS Score
0.0
Published
2023-05-31