This page contains information about resolved security issues, including description, severity, assigned CVEs, and the product versions in which they were resolved.

Product | Description | Severity | Resolved In | CWE | CVE |
---|---|---|---|---|---|
TeamCity | Authenticated users without administrative permissions could register other users when self-registration was disabled (TW-87046) | Medium | 2024.03 | CWE-863 | CVE-2024-31134 |
TeamCity | Open redirect was possible on the login page (TW-87062) | Medium | 2024.03 | CWE-601 | CVE-2024-31135 |
TeamCity | 2FA could be bypassed by providing a special URL parameter (TW-86989) | High | 2024.03 | CWE-1288 | CVE-2024-31136 |
TeamCity | Reflected XSS was possible via Space connection configuration. Reported by Linh Dinh (TW-86832) | Medium | 2024.03 | CWE-79 | CVE-2024-31137 |
TeamCity | XSS was possible via Agent Distribution settings. Reported by Alex Williams from Trend Micro (TW-86535) | Medium | 2024.03 | CWE-79 | CVE-2024-31138 |
TeamCity | XXE was possible in the Maven build steps detector (TW-86300) | Medium | 2024.03 | CWE-611 | CVE-2024-31139 |
TeamCity | Server administrators could remove arbitrary files from the server by installing tools (TW-86039) | Medium | 2024.03 | CWE-1288 | CVE-2024-31140 |