Jetbrains: >> Teamcity >> 8.1.3 Security Vulnerabilities
JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.
CVSS Score
5.4
EPSS Score
0.0
Published
2022-02-25
In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.
CVSS Score
9.8
EPSS Score
0.0
Published
2022-02-25
In JetBrains TeamCity before 2021.2.1, editing a user account to change its password didn't terminate sessions of the edited user.
CVSS Score
7.5
EPSS Score
0.0
Published
2022-02-25
In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-02-25
In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible.
CVSS Score
6.1
EPSS Score
0.0
Published
2022-02-25
In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.
CVSS Score
9.8
EPSS Score
0.0
Published
2022-02-25
In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.
CVSS Score
9.8
EPSS Score
0.0
Published
2021-11-30
In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project.
CVSS Score
5.3
EPSS Score
0.0
Published
2021-11-09
In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.
CVSS Score
9.8
EPSS Score
0.0
Published
2021-11-09
In JetBrains TeamCity before 2021.1.2, user enumeration was possible.
CVSS Score
5.3
EPSS Score
0.0
Published
2021-11-09