Fixed security issues

This page contains information about resolved security issues, including description, severity, assigned CVEs, and the product versions in which they were resolved.

| Product | Description | Severity | Resolved In | CWE | CVE |
|---|---|---|---|---|---|
| TeamCity | Several DOM-based XSS were possible on the Code Inspection Report tab (TW-87505) | Medium | 2024.12.2 | CWE-79 | CVE-2025-26493 |
| TeamCity | Improper Kubernetes connection settings could expose sensitive resources (TW-91106) | High | 2024.12.2 | CWE-522 | CVE-2025-26492 |
| TeamCity | Reflected XSS was possible on the Vault Connection page (TW-91124) | Medium | 2024.12.1 | CWE-79 | CVE-2025-24459 |
| TeamCity | Improper access control allowed viewing projects' names in the agent pool (TW-52375, TW-91367) | Medium | 2024.12.1 | CWE-863 | CVE-2025-24460 |
| TeamCity | Decryption of connection secrets without proper permissions was possible via the Test Connection endpoint (TW-91164) | Medium | 2024.12.1 | CWE-862 | CVE-2025-24461 |
| TeamCity | Improper access control allowed viewing details of unauthorized agents (TW-85841) | Medium | 2024.12 | CWE-863 | CVE-2024-56348 |
| TeamCity | Improper access control allowed unauthorized users to modify build logs (TW-90726) | Medium | 2024.12 | CWE-862 | CVE-2024-56349 |
| TeamCity | Build credentials allowed unauthorized viewing of projects (TW-24904) | Medium | 2024.12 | CWE-863 | CVE-2024-56350 |
| TeamCity | Access tokens were not revoked after removing user roles (TW-76910) | Medium | 2024.12 | CWE-613 | CVE-2024-56351 |
| TeamCity | Stored XSS was possible via image name on the agent details page (TW-89485) | Medium | 2024.12 | CWE-79 | CVE-2024-56352 |
| TeamCity | Backup file exposed user credentials and session cookies. Reported by Thomas Siegbert (TW-89719) | Medium | 2024.12 | CWE-212 | CVE-2024-56353 |
| TeamCity | Password field values were accessible to users with the view settings permission (TW-49870) | Medium | 2024.12 | CWE-522 | CVE-2024-56354 |
| TeamCity | Missing Content-Type header in RemoteBuildLogController response could lead to XSS (TW-80940) | Medium | 2024.12 | CWE-79 | CVE-2024-56355 |
| TeamCity | Insecure XMLParser configuration could lead to an XXE attack (TW-86582) | Medium | 2024.12 | CWE-611 | CVE-2024-56356 |
| TeamCity | Password could be exposed via the Sonar runner REST API (TW-64557) | Medium | 2024.07.3 | CWE-522 | CVE-2024-47161 |
| TeamCity | Path traversal leading to information disclosure was possible via server backups. Reported by Thomas Siegbert (TW-89721) | Medium | 2024.07.3 | CWE-23 | CVE-2024-47948 |
| TeamCity | Path traversal allowed writing the backup file to an arbitrary location. Reported by Thomas Siegbert (TW-89723) | Medium | 2024.07.3 | CWE-23 | CVE-2024-47949 |
| TeamCity | Stored XSS was possible in Backup configuration settings. Reported by Thomas Siegbert (TW-89700) | Low | 2024.07.3 | CWE-79 | CVE-2024-47950 |
| TeamCity | Stored XSS was possible via server global settings (TW-88983) | Low | 2024.07.3 | CWE-79 | CVE-2024-47951 |
| TeamCity | Possible privilege escalation due to incorrect directory permissions. Reported by Crispr Xiang from TianShu Dubhe Team (TW-87656) | High | 2024.07.1 | CWE-276 | CVE-2024-43114 |
| TeamCity | Multiple stored XSS were possible on the Clouds page (TW-85512) | Medium | 2024.07.1 | CWE-79 | CVE-2024-43807 |
| TeamCity | Self XSS was possible in the HashiCorp Vault plugin (TW-84492) | Low | 2024.07.1 | CWE-79 | CVE-2024-43808 |
| TeamCity | Reflected XSS was possible on the agentPushPreset page (TW-84016) | Low | 2024.07.1 | CWE-79 | CVE-2024-43809 |
| TeamCity | Reflected XSS was possible in the AWS Core plugin (TW-86958) | Medium | 2024.07.1 | CWE-79 | CVE-2024-43810 |
| TeamCity | Parameters of the "password" type could leak into the build log in some specific cases (TW-67957) | Medium | 2024.07 | CWE-532 | CVE-2024-41824 |
| TeamCity | Stored XSS was possible on the Code Inspection tab (TW-83483) | Medium | 2024.07 | CWE-79 | CVE-2024-41825 |
| TeamCity | Stored XSS was possible on the Show Connection page (TW-86935) | Low | 2024.07 | CWE-79 | CVE-2024-41826 |
| TeamCity | Access tokens could continue working after deletion or expiration (TW-76857) | High | 2024.07 | CWE-613 | CVE-2024-41827 |
| TeamCity | Comparison of authorization tokens took non-constant time (TW-85815) | Low | 2024.07 | CWE-208 | CVE-2024-41828 |
| TeamCity | An OAuth code for JetBrains Space could be stolen via the Space Application connection (TW-84124) | Low | 2024.07 | CWE-303 | CVE-2024-41829 |
| TeamCity | Private key could be exposed via testing a GitHub App Connection (TW-88255) | Medium | 2024.03.3 | CWE-522 | CVE-2024-39878 |
| TeamCity | Application token could be exposed in EC2 Cloud Profile settings (TW-88399) | Medium | 2024.03.3 | CWE-522 | CVE-2024-39879 |
| TeamCity | Path traversal allowing files to be read from the server was possible (TW-87898) | Medium | 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 | CWE-23 | CVE-2024-36362 |
| TeamCity | Several stored XSS in code inspection reports were possible (TW-83495) | Medium | 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 | CWE-79 | CVE-2024-36363 |
| TeamCity | Improper access control in the Pull Requests and Commit Status Publisher build features was possible (TW-84931) | Medium | 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 | CWE-863 | CVE-2024-36364 |
| TeamCity | A third-party agent could impersonate a cloud agent (TW-87450) | Medium | 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 | CWE-863 | CVE-2024-36365 |
| TeamCity | An XSS could be executed via certain report grouping and filtering operations (TW-83893) | Medium | 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 | CWE-79 | CVE-2024-36366 |
| TeamCity | Stored XSS via third-party reports was possible (TW-83270) | Medium | 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 | CWE-79 | CVE-2024-36367 |
| TeamCity | Reflected XSS via OAuth provider configuration was possible (TW-83485) | Medium | 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 | CWE-79 | CVE-2024-36368 |
| TeamCity | Stored XSS via issue tracker integration was possible (TW-83149) | Medium | 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 | CWE-79 | CVE-2024-36369 |
| TeamCity | Stored XSS via OAuth connection settings was possible (TW-83658) | Medium | 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 | CWE-79 | CVE-2024-36370 |
| TeamCity | Stored XSS in the Commit Status Publisher was possible (TW-84958) | Medium | 2023.05.6, 2023.11.5 | CWE-79 | CVE-2024-36371 |
| TeamCity | Reflected XSS on the subscriptions page was possible (TW-83892) | Medium | 2023.05.6 | CWE-79 | CVE-2024-36372 |
| TeamCity | Several stored XSS in untrusted builds settings were possible (TW-87421) | Medium | 2024.03.2 | CWE-79 | CVE-2024-36373 |
| TeamCity | Stored XSS via build step settings was possible (TW-87381) | Medium | 2024.03.2 | CWE-79 | CVE-2024-36374 |
| TeamCity | Technical information regarding the TeamCity server could be exposed (TW-87468) | Medium | 2024.03.2 | CWE-209 | CVE-2024-36375 |
| TeamCity | Users could perform actions that should not be available to them based on their permissions (TW-83710) | Medium | 2024.03.2 | CWE-863 | CVE-2024-36376 |
| TeamCity | Certain TeamCity API endpoints did not check user permissions (TW-83647) | Medium | 2024.03.2 | CWE-863 | CVE-2024-36377 |
| TeamCity | Server was susceptible to DoS attacks with incorrect auth tokens (TW-87071) | Medium | 2024.03.2 | CWE-770 | CVE-2024-36378 |
| TeamCity | Authentication bypass was possible in specific edge cases even when the security patch plugin was installed (TW-86860) | High | 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 | CWE-288 | CVE-2024-36470 |
| TeamCity | Several stored XSS in the available updates page were possible (TW-87050) | Low | 2024.03.1 | CWE-79 | CVE-2024-35300 |
| TeamCity | Commit Status Publisher did not check the project scope of the GitHub App token (TW-86523) | Medium | 2024.03.1 | CWE-280 | CVE-2024-35301 |
| TeamCity | Stored XSS during restore from backup was possible (TW-82309) | Medium | 2023.11 | CWE-79 | CVE-2024-35302 |
| TeamCity | Authenticated users without administrative permissions could register other users when self-registration was disabled (TW-87046) | Medium | 2024.03 | CWE-863 | CVE-2024-31134 |
| TeamCity | Open redirect was possible on the login page (TW-87062) | Medium | 2024.03 | CWE-601 | CVE-2024-31135 |
| TeamCity | 2FA could be bypassed by providing a special URL parameter (TW-86989) | High | 2024.03 | CWE-1288 | CVE-2024-31136 |
| TeamCity | Reflected XSS was possible via Space connection configuration. Reported by Linh Dinh (TW-86832) | Medium | 2024.03 | CWE-79 | CVE-2024-31137 |
| TeamCity | XSS was possible via Agent Distribution settings. Reported by Alex Williams from Trend Micro (TW-86535) | Medium | 2024.03 | CWE-79 | CVE-2024-31138 |
| TeamCity | XXE was possible in the Maven build steps detector (TW-86300) | Medium | 2024.03 | CWE-611 | CVE-2024-31139 |
| TeamCity | Server administrators could remove arbitrary files from the server by installing tools (TW-86039) | Medium | 2024.03 | CWE-1288 | CVE-2024-31140 |
| TeamCity | Users with access to the agent machine might obtain the permissions of the user running the agent process (TW-83048) | Medium | 2023.11 | CWE-749 | CVE-2024-29880 |
| TeamCity | Custom build parameters of the "password" type could be disclosed (TW-86403) | Medium | 2023.11.4 | CWE-201 | CVE-2024-28173 |
| TeamCity | Presigned URL generation requests in the S3 Artifact Storage plugin were authorized improperly (TW-85562) | Medium | 2023.11.4 | CWE-863 | CVE-2024-28174 |
| TeamCity | Authentication bypass allowing admin actions to be performed was possible. Reported by Rapid7 team (TW-86500) | Critical | 2023.11.4 | CWE-288 | CVE-2024-27198 |
| TeamCity | Path traversal allowing limited admin actions to be performed was possible. Reported by Rapid7 team (TW-86502) | High | 2023.11.4 | CWE-23 | CVE-2024-27199 |
| TeamCity | Path traversal allowed reading data within JAR archives. Reported by Sndav Bai and Crispr Xiang from TianShu Dubhe Team (TW-86017) | Medium | 2023.11.3 | CWE-23 | CVE-2024-24942 |
| TeamCity | Authentication bypass leading to RCE was possible. Reported by Sndav Bai and Crispr Xiang from TianShu Dubhe Team (TW-86005) | Critical | 2023.11.3 | CWE-288 | CVE-2024-23917 |
| TeamCity | Access control at the S3 Artifact Storage plugin endpoint was missing (TW-85499) | Medium | 2023.11.2 | CWE-285 | CVE-2024-24936 |
| TeamCity | Stored XSS via agent distribution was possible (TW-85880) | Medium | 2023.11.2 | CWE-79 | CVE-2024-24937 |
| TeamCity | Limited directory traversal was possible in the Kotlin DSL documentation (TW-85585) | Medium | 2023.11.2 | CWE-23 | CVE-2024-24938 |
| TeamCity | A CSRF on login was possible (TW-84796) | Medium | 2023.11.1 | CWE-352 | CVE-2023-50870 |
| TeamCity | Authentication bypass leading to RCE on TeamCity Server was possible. Reported by Stefan Schiller from Sonar (TW-83545) | Critical | 2023.05.4 | CWE-288 | CVE-2023-42793 |
| TeamCity | Stored XSS was possible during nodes configuration (TW-83216) | Low | 2023.05.4 | CWE-79 | CVE-2023-43566 |
| TeamCity | Stored XSS was possible during Cloud Profiles configuration (TW-82867, TW-82475) | Medium | 2023.05.3 | CWE-79 | CVE-2023-41248 |
| TeamCity | Reflected XSS was possible while copying a Build Step (TW-82869) | Medium | 2023.05.3 | CWE-79 | CVE-2023-41249 |
| TeamCity | Reflected XSS was possible during user registration (TW-82876) | Low | 2023.05.3 | CWE-79 | CVE-2023-41250 |
| TeamCity | A token with limited permissions could be used to gain full account access (TW-82485) | Medium | 2023.05.2 | CWE-266 | CVE-2023-39173 |
| TeamCity | A ReDoS attack was possible via integration with issue trackers (TW-82283) | Medium | 2023.05.2 | CWE-1333 | CVE-2023-39174 |
| TeamCity | Reflected XSS via GitHub integration was possible (TW-82472) | Medium | 2023.05.2 | CWE-79 | CVE-2023-39175 |
| TeamCity | Stored XSS when using a custom theme was possible (TW-82270) | Medium | 2023.05.1 | CWE-79 | CVE-2023-38061 |
| TeamCity | Parameters of the "password" type could be shown in the UI in certain composite build configurations (TW-82022) | Medium | 2023.05.1 | CWE-200 | CVE-2023-38062 |
| TeamCity | Stored XSS while running custom builds was possible (TW-81723) | Medium | 2023.05.1 | CWE-79 | CVE-2023-38063 |
| TeamCity | Build chain parameters of the "password" type could be written to the agent log (TW-81846) | Medium | 2023.05.1 | CWE-532 | CVE-2023-38064 |
| TeamCity | Stored XSS while viewing the build log was possible (TW-81777) | Medium | 2023.05.1 | CWE-79 | CVE-2023-38065 |
| TeamCity | Reflected XSS via the Referer header was possible during artifact downloads (TW-80993) | Medium | 2023.05.1 | CWE-79 | CVE-2023-38066 |
| TeamCity | Build parameters of the "password" type could be written to the agent log (TW-80002) | Medium | 2023.05.1 | CWE-532 | CVE-2023-38067 |
| TeamCity | Bypass of permission checks allowing admin actions to be performed was possible. Reported by Isaac Peka (TW-81566) | Critical | 2023.05, 2022.10.4 | CWE-863 | CVE-2023-34218 |
| TeamCity | Improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via the REST API. Reported by Olof Lindberg (TW-80538) | Medium | 2023.05, 2022.10.4 | CWE-285 | CVE-2023-34219 |
| TeamCity | Stored XSS in the Commit Status Publisher window was possible (TW-80262) | Medium | 2023.05, 2022.10.4 | CWE-79 | CVE-2023-34220 |
| TeamCity | Stored XSS in the Show Connection page was possible (TW-81182) | Medium | 2023.05 | CWE-79 | CVE-2023-34221 |
| TeamCity | XSS in the Plugin Vendor URL was possible (TW-80378) | Medium | 2023.05 | CWE-79 | CVE-2023-34222 |
| TeamCity | Parameters of the "password" type from build dependencies could be logged in some cases (TW-81338) | Medium | 2023.05 | CWE-532 | CVE-2023-34223 |
| TeamCity | Open redirect during OAuth configuration was possible (TW-79888) | Medium | 2023.05 | CWE-601 | CVE-2023-34224 |
| TeamCity | Stored XSS in the NuGet feed page was possible (TW-81031) | Medium | 2023.05 | CWE-79 | CVE-2023-34225 |
| TeamCity | Reflected XSS in the Subscriptions page was possible (TW-80881) | Medium | 2023.05 | CWE-79 | CVE-2023-34226 |
| TeamCity | A specific endpoint was vulnerable to brute force attacks (TW-80842) | Medium | 2023.05, 2022.10.4 | CWE-749 | CVE-2023-34227 |
| TeamCity | Authentication checks were missing: 2FA was not checked for some sensitive account actions (TW-73544) | Medium | 2023.05 | CWE-308 | CVE-2023-34228 |
| TeamCity | Stored XSS in the GitLab Connection page was possible (TW-80174) | Medium | 2023.05, 2022.10.4 | CWE-79 | CVE-2023-34229 |
| TeamCity | Stored XSS in Perforce connection settings was possible (TW-79891) | Medium | 2022.10.3 | CWE-79 | CVE-2022-48426 |
| TeamCity | Stored XSS on the "Pending changes" and "Changes" tabs was possible (TW-80199) | Medium | 2022.10.3 | CWE-79 | CVE-2022-48427 |
| TeamCity | Stored XSS on the SSH keys page was possible (TW-80097) | Medium | 2022.10.3 | CWE-79 | CVE-2022-48428 |
| TeamCity | JVMTI was enabled by default on agents. Reported by Hj Chai (TW-78552) | Medium | 2022.10.2 | CWE-1188 | CVE-2022-48342 |
| TeamCity | There was an XSS vulnerability in the user creation process (TW-78783) | Medium | 2022.10.2 | CWE-79 | CVE-2022-48343 |
| TeamCity | There was an XSS vulnerability in the group creation process (TW-78786) | Medium | 2022.10.2 | CWE-79 | CVE-2022-48344 |
| TeamCity | A custom STS endpoint allowed internal port scanning (TW-78415) | Medium | 2022.10.1 | CWE-918 | CVE-2022-46830 |
| TeamCity | Connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators (TW-78416) | Medium | 2022.10.1 | CWE-453 | CVE-2022-46831 |
| TeamCity | Excessive access permissions for secure token health items (TW-73518) | Low | 2022.10 | CWE-284 | CVE-2022-44622 |
| TeamCity | Project Viewer could see scrambled secure values in the MetaRunner settings (TW-76796) | Medium | 2022.10 | CWE-538 | CVE-2022-44623 |
| TeamCity | Password parameters could be exposed in the build log if they contained special characters (TW-77048) | Medium | 2022.10 | CWE-532 | CVE-2022-44624 |
| TeamCity | No audit items were added upon editing a user's settings (TW-75537) | Low | 2022.10 | CWE-223 | CVE-2022-44646 |
| TeamCity | Environment variables of the "password" type could be logged when using a custom Perforce executable. Reported by Pierre Hosteins and Yvan Serykh (TW-77474) | Medium | 2022.04.4 | CWE-532 | CVE-2022-40979 |
| TeamCity | The private SSH key could be written to the server log in some cases (TW-76758) | Low | 2022.04.3 | CWE-532 | CVE-2022-38133 |
| TeamCity | The private SSH key could be written to the build log in some cases (TW-76651) | Medium | 2022.04.2 | CWE-532 | CVE-2022-36321 |
| TeamCity | Build parameter injection was possible. Reported by Micky Sung (TW-76356) | Medium | 2022.04.2 | CWE-88 | CVE-2022-36322 |
| TeamCity | Reflected XSS on the Build Chain Status page (TW-75231) | Medium | 2022.04 | CWE-79 | CVE-2022-29927 |
| TeamCity | Possible leak of secrets in TeamCity agent logs (TW-74263, TW-68807) | Medium | 2022.04 | CWE-532 | CVE-2022-29928 |
| TeamCity | Potential XSS via the Referer header (TW-75605) | Low | 2022.04 | CWE-79 | CVE-2022-29929 |
| TeamCity | Reflected XSS (TW-74044) | Medium | 2021.2.2 | CWE-79 | CVE-2022-25261 |
| TeamCity | OS command injection in the Agent Push feature configuration. Reported by Cristian Chavez (TW-74822) | High | 2021.2.3 | CWE-78 | CVE-2022-25263 |
| TeamCity | Environment variables of the "password" type could be logged in some cases (TW-74625) | Medium | 2021.2.3 | CWE-532 | CVE-2022-25264 |
| TeamCity | A redirect to an external site was possible (TW-71113) | Low | 2021.2.1 | CWE-601 | CVE-2022-24330 |
| TeamCity | Logout failed to remove the "Remember Me" cookie (TW-72969) | Low | 2021.2 | CWE-613 | CVE-2022-24332 |
| TeamCity | GitLab authentication impersonation. Reported by Christian Pedersen (TW-73375) | High | 2021.1.4 | CWE-285 | CVE-2022-24331 |
| TeamCity | The "Agent push" feature allowed any private key on the server to be selected (TW-73399) | Low | 2021.2.1 | CWE-284 | CVE-2022-24334 |
| TeamCity | Blind SSRF via an XML-RPC call. Reported by Artem Godin (TW-73465) | Medium | 2021.2 | CWE-918 | CVE-2022-24333 |
| TeamCity | Time-of-check/time-of-use (TOCTOU) vulnerability in agent registration via XML-RPC. Reported by Artem Godin (TW-73468) | High | 2021.2 | CWE-367 | CVE-2022-24335 |
| TeamCity | An unauthenticated attacker could cancel running builds via an XML-RPC request to the TeamCity server. Reported by Artem Godin (TW-73469) | Medium | 2021.2.1 | CWE-284 | CVE-2022-24336 |
| TeamCity | Pull requests' health items were shown to users without appropriate permissions (TW-73516) | Low | 2021.2 | CWE-284 | CVE-2022-24337 |
| TeamCity | Stored XSS. Reported by Yurii Sanin (TW-73737) | Medium | 2021.2.1 | CWE-79 | CVE-2022-24339 |
| TeamCity | URL injection leading to CSRF. Reported by Yurii Sanin (TW-73859) | Medium | 2021.2.1 | CWE-352 | CVE-2022-24342 |
| TeamCity | Changing a password failed to terminate sessions of the edited user (TW-73888) | Low | 2021.2.1 | CWE-613 | CVE-2022-24341 |
| TeamCity | XXE during the parsing of a configuration file (TW-73932) | Medium | 2021.2.1 | CWE-611 | CVE-2022-24340 |
| TeamCity | Reflected XSS (TW-74043) | Medium | 2021.2.1 | CWE-79 | CVE-2022-24338 |
| TeamCity | User enumeration was possible (TW-70167) | Low | 2021.1.2 | CWE-200 | CVE-2021-43194 |
| TeamCity | RCE in agent push functionality. Reported by Eduardo Castellanos (TW-70384) | High | 2021.1.2 | CWE-78 | CVE-2021-43193 |
| TeamCity | Information disclosure via the Docker Registry connection dialog (TW-70459) | Medium | 2021.1 | CWE-200 | CVE-2021-43196 |
| TeamCity | Some HTTP security headers were missing (TW-71376) | Low | 2021.1.2 | CWE-693 | CVE-2021-43195 |
| TeamCity | Email notifications could include unescaped HTML (TW-71981) | Low | 2021.1.2 | CWE-116 | CVE-2021-43197 |
| TeamCity | Insufficient permission checks in create patch functionality (TW-71982) | Low | 2021.1.2 | CWE-285 | CVE-2021-43199 |
| TeamCity | Stored XSS (TW-72007) | Low | 2021.1.2 | CWE-79 | CVE-2021-43198 |
| TeamCity | Insufficient permission checks in agent push functionality (TW-72177) | Low | 2021.1.2 | CWE-285 | CVE-2021-43200 |
| TeamCity | X-Frame-Options header was missing in some cases (TW-72464) | Low | 2021.1.3 | CWE-693 | CVE-2021-43202 |
| TeamCity | A newly created project could take settings from an already deleted project (TW-72521) | Medium | 2021.1.3 | CWE-459 | CVE-2021-43201 |
| TeamCity | Potential XSS (TW-61688) | High | 2020.2.3 | CWE-79 | CVE-2021-37542 |
| TeamCity | Insecure deserialization (TW-70057, TW-70080) | High | 2020.2.4 | CWE-502 | CVE-2021-37544 |
| TeamCity | Insufficient authentication checks for agent requests (TW-70166) | High | 2021.1.1 | CWE-287 | CVE-2021-37545 |
| TeamCity | Insecure key generation for encrypted properties (TW-70201) | Low | 2021.1 | CWE-335 | CVE-2021-37546 |
| TeamCity | Insufficient checks during file uploading (TW-70546) | Medium | 2020.2.4 | CWE-434 | CVE-2021-37547 |
| TeamCity | Passwords in plain text could sometimes be stored in VCS (TW-71008) | Medium | 2021.1 | CWE-540 | CVE-2021-37548 |
| TeamCity | Potential XSS on the test history page (TW-67710) | Medium | 2020.2.2 | CWE-79 | CVE-2021-31904 |
| TeamCity | TeamCity IntelliJ Plugin DoS. Reported by Jonathan Leitschuh (TW-69070) | Low | 2020.2.2 | CWE-770 | CVE-2021-26310 |
| TeamCity | Local information disclosure via a temporary file in the TeamCity IntelliJ Plugin. Reported by Jonathan Leitschuh (TW-69420) | Low | 2020.2.2 | CWE-378 | CVE-2021-26309 |
| TeamCity | Insufficient audit when an administrator uploads a file (TW-69511) | Low | 2020.2.2 | CWE-778 | CVE-2021-31906 |
| TeamCity | Improper permission checks for changing TeamCity plugins (TW-69521) | Low | 2020.2.2 | CWE-732 | CVE-2021-31907 |
| TeamCity | Potential XSS on the test page. Reported by Stephen Patches (TW-69737) | Low | 2020.2.2 | CWE-79 | CVE-2021-3315 |
| TeamCity | Argument injection leading to RCE (TW-70054) | High | 2020.2.3 | CWE-78 | CVE-2021-31909 |
| TeamCity | Stored XSS on several pages (TW-70078, TW-70348) | Medium | 2020.2.3 | CWE-79 | CVE-2021-31908 |
| TeamCity | Information disclosure via SSRF (TW-70079) | High | 2020.2.3 | CWE-918 | CVE-2021-31910 |
| TeamCity | Reflected XSS on several pages (TW-70093, TW-70094, TW-70095, TW-70096, TW-70137) | Medium | 2020.2.3 | CWE-79 | CVE-2021-31911 |
| TeamCity | Potential account takeover during password reset (TW-70303) | Medium | 2020.2.3 | CWE-640 | CVE-2021-31912 |
| TeamCity | Insufficient checks of the redirect_uri during GitHub SSO token exchange (TW-70358) | Low | 2020.2.3 | CWE-601 | CVE-2021-31913 |
| TeamCity | Arbitrary code execution on TeamCity Server running on Windows. Reported by Chris Moore (TW-70512) | High | 2020.2.4 | CWE-829 | CVE-2021-31914 |
| TeamCity | Command injection leading to RCE. Reported by Chris Moore (TW-70541) | High | 2020.2.4 | CWE-78 | CVE-2021-31915 |
| TeamCity | Reflected XSS on several pages (TW-67424, TW-68098) | Medium | 2020.2 | Not applicable | CVE-2021-25773 |
| TeamCity | TeamCity server DoS was possible via server integration (TW-68406, TW-68780) | Low | 2020.2.2 | Not applicable | CVE-2021-25772 |
| TeamCity | ECR token exposure in the build's parameters (TW-68515) | Medium | 2020.2 | Not applicable | CVE-2021-25776 |
| TeamCity | User could get access to the GitHub access token of another user (TW-68646) | Low | 2020.2.1 | Not applicable | CVE-2021-25774 |
| TeamCity | Server admin could create and see access tokens for any other users (TW-68862) | Low | 2020.2.1 | Not applicable | CVE-2021-25775 |
| TeamCity | Improper permission checks during user deletion (TW-68864) | Low | 2020.2.1 | Not applicable | CVE-2021-25778 |
| TeamCity | Improper permission checks during token removal (TW-68871) | Low | 2020.2.1 | Not applicable | CVE-2021-25777 |
| TeamCity | TeamCity Plugin SSRF that could potentially expose user credentials. Reported by Jonathan Leitschuh (TW-69068) | High | 2020.2.85695 | Not applicable | CVE-2020-35667 |
| TeamCity | URL injection was possible (TW-44171) | Low | 2020.1.2 | Not applicable | CVE-2020-27627 |
| TeamCity | Guest user had access to audit records (TW-67750) | Medium | 2020.1.5 | Not applicable | CVE-2020-27628 |
| TeamCity | Secure dependency parameters could be left unmasked in dependent builds when there were no internal artifacts (TW-67775) | High | 2020.1.5 | Not applicable | CVE-2020-27629 |
| TeamCity | Users were able to assign more permissions than they had (TW-36158) | Low | 2020.1 | Not applicable | CVE-2020-15826 |
| TeamCity | Users with the "Modify group" permission could elevate other users' privileges (TW-58858) | Medium | 2020.1 | Not applicable | CVE-2020-15825 |
| TeamCity | Password parameters could be disclosed via build logs (TW-64484) | Low | 2019.2.3 | Not applicable | CVE-2020-15829 |
| TeamCity | Project parameter values could be retrieved by a user without appropriate permissions (TW-64587) | High | 2020.1.1 | Not applicable | CVE-2020-15828 |
| TeamCity | Reflected XSS in the administration UI (TW-64668) | High | 2019.2.3 | Not applicable | CVE-2020-15831 |
| TeamCity | Stored XSS in the administration UI (TW-64699) | High | 2019.2.3 | Not applicable | CVE-2020-15830 |
| TeamCity | Password values were shown unmasked on several pages (TW-64186) | Low | 2019.2.2 | Not applicable | CVE-2020-11687 |
| TeamCity | Project administrator was able to see scrambled password parameters used in a project (TW-58099) | Medium | 2019.2.2 | Not applicable | CVE-2020-11938 |
| TeamCity | Project administrator was able to retrieve some TeamCity server settings (TW-61626) | Low | 2019.1.4 | Not applicable | CVE-2020-11686 |
| TeamCity | Application state was kept alive after a user ended their session (TW-61824) | Low | 2019.2.1 | Not applicable | CVE-2020-11688 |
| TeamCity | A user without appropriate permissions was able to import settings from settings.kts (TW-63698) | Low | 2019.2.1 | Not applicable | CVE-2020-11689 |
| TeamCity | Reverse tabnabbing was possible on several pages (TW-61710, TW-61726, TW-61727) | Low | 2019.1.5 | Not applicable | CVE-2020-7908 |
| TeamCity | Some server-stored passwords could be shown via the web UI (TW-62674) | High | 2019.1.5 | Not applicable | CVE-2020-7909 |
| TeamCity | Possible stored XSS attack by a user with a developer role (TW-63298) | Medium | 2019.2 | Not applicable | CVE-2020-7910 |
| TeamCity | Stored XSS on user-level pages (TW-63160) | High | 2019.2 | Not applicable | CVE-2020-7911 |
| TeamCity | Access could be gained to the build history of a deleted build configuration under some circumstances (TW-60957) | Medium | 2019.1.2 | Not applicable | CVE-2019-18363 |
| TeamCity | Insecure Java deserialization could potentially allow RCE. Reported by Aleksei "GreenDog" Tiurin (TW-61928) | Medium | 2019.1.4 | Not applicable | CVE-2019-18364 |
| TeamCity | Reverse tabnabbing was possible on several pages (TW-61323, TW-61725, TW-61726, TW-61646, TW-62123) | Low | 2019.1.4 | Not applicable | CVE-2019-18365 |
| TeamCity | Secure values could be exposed to users with the "View build runtime parameters and data" permission | Low | 2019.1.2 | Not applicable | CVE-2019-18366 |
| TeamCity | A non-destructive operation could be performed by a user without the corresponding permissions (TW-61107) | Low | 2019.1.2 | Not applicable | CVE-2019-18367 |
| TeamCity | Previously used unencrypted passwords were suggested by a web browser's auto-completion (TW-59759) | Low | 2019.1 | CWE-200 | Not applicable |
| TeamCity | VMware plugin did not check the SSL certificate (TW-59562) | Medium | 2019.1 | Not applicable | CVE-2019-15042 |
| TeamCity | Remote code execution on the server with certain network configurations (TW-60430) | Medium | 2019.1 | Not applicable | CVE-2019-15039 |
| TeamCity | Project administrator could get unauthorized access to server-level data (TW-60220) | High | 2019.1 | Not applicable | CVE-2019-15035 |
| TeamCity | Project administrator could execute any command on the server machine (TW-60219) | High | 2019.1 | Not applicable | CVE-2019-15036 |
| TeamCity | Security has been tightened by using additional HTTP headers (TW-59034) | High | 2019.1 | Not applicable | CVE-2019-15038 |
| TeamCity | Possible XSS vulnerabilities on the settings pages (TW-59870, TW-59852, TW-59817, TW-59838, TW-59816) | High | 2019.1 | Not applicable | CVE-2019-15037 |
| TeamCity | XSS vulnerability (TW-61242, TW-61315) | High | 2019.1.2 | Not applicable | CVE-2019-15848 |
| TeamCity | A possible stored JavaScript injection was detected (TW-59419) | Medium | 2018.2.3 | Not applicable | CVE-2019-12844 |
| TeamCity | The generated Kotlin DSL settings allowed usage of an unencrypted connection for resolving artifacts (TW-59379) | Medium | 2018.2.3 | Not applicable | CVE-2019-12845 |
| TeamCity | A possible stored JavaScript injection requiring a deliberate server administrator action was detected (TW-55640) | Medium | 2018.2.3 | Not applicable | CVE-2019-12843 |
| TeamCity | Incorrect handling of user input in ZIP extraction (TW-57143) | Medium | 2018.2.2 | Not applicable | CVE-2019-12841 |
| TeamCity | A reflected XSS on a user page was detected (TW-58661) | Medium | 2018.2.2 | Not applicable | CVE-2019-12842 |
| TeamCity | A user without the required permissions could gain access to some settings (TW-58571) | Medium | 2018.2.2 | Not applicable | CVE-2019-12846 |
| TeamCity | Reflected XSS on user-level pages (TW-58065, TW-58234) | High | 2018.2 | Not applicable | Not applicable |
| TeamCity | Stored XSS on the build details page (TW-58129, TW-58138) | High | 2018.2 | Not applicable | Not applicable |
| TeamCity | Exposure of a sensitive parameter value to a privileged user was possible (TW-56946) | Medium | 2018.1.3 | Not applicable | Not applicable |
| TeamCity | CSRF vulnerability (TW-55992) | Medium | 2018.1.1 | Not applicable | Not applicable |
| TeamCity | Change of project settings could corrupt settings of other projects (TW-55704) | Low | 2018.1.1 | Not applicable | Not applicable |
| TeamCity | Possible privilege escalation while viewing agent details (TW-56025) | Medium | 2018.1.1 | Not applicable | Not applicable |
| TeamCity | Possible unvalidated redirect (TW-56085) | Medium | 2018.1.2 | Not applicable | Not applicable |
| TeamCity | Reflected XSS vulnerabilities (TW-56490, TW-56375, TW-56374) | Medium | 2018.1.2 | Not applicable | Not applicable |
| TeamCity | Stored XSS vulnerabilities (TW-56830, TW-56719) | Medium | 2018.1.3 | Not applicable | Not applicable |
| TeamCity | Stored XSS vulnerabilities (TW-55214, TW-56126, TW-56127, TW-56452, TW-56571) | Medium | 2018.1.2 | Not applicable | Not applicable |
| TeamCity | Possible privilege escalation to server administrator (TW-55209) | High | 2018.1 | Not applicable | Not applicable |
| TeamCity | CSRF attack vulnerability (TW-55210) | High | 2018.1 | Not applicable | Not applicable |
| TeamCity | Possible privilege escalation from project administrator to server administrator (TW-55211, TW-55684) | High | 2018.1 | Not applicable | Not applicable |
| TeamCity | Possible unauthorized removal of installation data by a project administrator (TW-54876) | High | 2018.1 | Not applicable | Not applicable |
| TeamCity | Network access to an agent allowed potential unauthorized control over the agent (TW-49335) | Medium | 2018.1 | Not applicable | Not applicable |
| TeamCity | In a very specific scenario, an attacker could steal web responses meant for other users (TW-54486) | Medium | 2018.1 | Not applicable | Not applicable |
| TeamCity | Stored XSS vulnerabilities on various pages (TW-27206, TW-54129, TW-55453, TW-55215, TW-55217, TW-55353) | Medium | 2018.1 | Not applicable | Not applicable |
| TeamCity | Project viewer could delete non-critical project settings (TW-55261) | Medium | 2018.1 | Not applicable | Not applicable |
| TeamCity | Network access to a server allowed potential read access to project settings (TW-54870) | Medium | 2018.1 | Not applicable | Not applicable |
| TeamCity | Project viewer could affect details of some running builds (TW-54975) | Medium | 2018.1 | Not applicable | Not applicable |
| TeamCity | Reflected XSS vulnerabilities on various pages (TW-55212, TW-55213) | Medium | 2018.1 | Not applicable | Not applicable |
| TeamCity | User self-registration might have been enabled by default on a new server installation (TW-54741) | Medium | 2017.2.4, 2018.1 | Not applicable | Not applicable |
| TeamCity | Possible vulnerability to a clickjacking attack from the TeamCity UI (TW-33819) | Medium | 2017.2.4, 2018.1 | Not applicable | Not applicable |
| TeamCity | Project viewer could bypass the "View build runtime parameters and data" permission (TW-55502) | Low | 2018.1 | Not applicable | Not applicable |
| TeamCity | Network access to a server exposed a vulnerability to DoS attacks (TW-11984) | Low | 2018.1 | Not applicable | Not applicable |
| TeamCity | Potential to pass authorization cookies without secure flags (TW-55141) | Low | 2018.1 | Not applicable | Not applicable |
| TeamCity | VCS preview allowed XSS attack (TW-54027) | Medium | 2017.2.3 | Not applicable | Not applicable |
| TeamCity | Data Directory preview allowed XSS attack (TW-54021) | Low | 2017.2.3 | Not applicable | Not applicable |
| TeamCity | VMware plugin settings allowed XSS attack (TW-53984) | High | 2017.2.3 | Not applicable | Not applicable |
| TeamCity | VCS settings allowed XSS attack (TW-53943, TW-53978) | High | 2017.2.3 | Not applicable | Not applicable |
| TeamCity | Authentication bypass was possible with certain Windows server configurations (TW-53507) | Medium | 2017.2.2 | Not applicable | Not applicable |
| TeamCity | Project administrator could run arbitrary code (TW-50054) | High | 2017.2.2 | Not applicable | Not applicable |
| TeamCity | Build fields allowed XSS attack (TW-53466) | Medium | 2017.2.2 | Not applicable | Not applicable |
| TeamCity | Multiple XSS vulnerabilities. Reported by Viktor Gazdag of NCC Group (TW-53442) | High | 2017.2.2 | Not applicable | Not applicable |