Jetbrains: >> Teamcity Security Vulnerabilities
In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project.
CVSS Score
5.3
EPSS Score
0.0
Published
2021-11-09
In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.
CVSS Score
9.8
EPSS Score
0.0
Published
2021-11-09
In JetBrains TeamCity before 2021.1.2, user enumeration was possible.
CVSS Score
5.3
EPSS Score
0.0
Published
2021-11-09
In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing.
CVSS Score
5.3
EPSS Score
0.0
Published
2021-11-09
In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible.
CVSS Score
7.5
EPSS Score
0.0
Published
2021-11-09
In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS.
CVSS Score
6.1
EPSS Score
0.0
Published
2021-11-09
In JetBrains TeamCity before 2021.1.2, stored XSS is possible.
CVSS Score
5.4
EPSS Score
0.0
Published
2021-11-09
In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient.
CVSS Score
5.3
EPSS Score
0.0
Published
2021-11-09
In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient.
CVSS Score
9.8
EPSS Score
0.0
Published
2021-11-09
In JetBrains TeamCity before 2020.2.3, XSS was possible.
CVSS Score
6.1
EPSS Score
0.0
Published
2021-08-06