This page contains information about resolved security issues, including description, severity, assigned CVEs, and the product versions in which they were resolved.

Product | Description | Severity | Resolved In | CWE | CVE |
---|---|---|---|---|---|
TeamCity | Improper access control allowed viewing details of unauthorized agents (TW-85841) | Medium | 2024.12 | CWE-863 | CVE-2024-56348 |
TeamCity | Improper access control allowed unauthorized users to modify build logs (TW-90726) | Medium | 2024.12 | CWE-862 | CVE-2024-56349 |
TeamCity | Build credentials allowed unauthorized viewing of projects (TW-24904) | Medium | 2024.12 | CWE-863 | CVE-2024-56350 |
TeamCity | Access tokens were not revoked after removing user roles (TW-76910) | Medium | 2024.12 | CWE-613 | CVE-2024-56351 |
TeamCity | Stored XSS was possible via image name on the agent details page (TW-89485) | Medium | 2024.12 | CWE-79 | CVE-2024-56352 |
TeamCity | Backup file exposed user credentials and session cookies. Reported by Thomas Siegbert (TW-89719) | Medium | 2024.12 | CWE-212 | CVE-2024-56353 |
TeamCity | Password field values were accessible to users with view settings permission (TW-49870) | Medium | 2024.12 | CWE-522 | CVE-2024-56354 |
TeamCity | Missing Content-Type header in RemoteBuildLogController response could lead to XSS (TW-80940) | Medium | 2024.12 | CWE-79 | CVE-2024-56355 |
TeamCity | Insecure XMLParser configuration could lead to potential XXE attack (TW-86582) | Medium | 2024.12 | CWE-611 | CVE-2024-56356 |