This page contains information about resolved security issues, including description, severity, assigned CVEs, and the product versions in which they were resolved.
Product | Description | Severity | Resolved In | CWE | CVE |
---|---|---|---|---|---|
TeamCity | Reflected XSS was possible on the Vault Connection page (TW-91124) | Medium | 2024.12.1 | CWE-79 | CVE-2025-24459 |
TeamCity | Improper access control allowed to see Projects’ names in the agent pool (TW-52375, TW-91367) | Medium | 2024.12.1 | CWE-863 | CVE-2025-24460 |
TeamCity | Decryption of connection secrets without proper permissions was possible via Test Connection endpoint (TW-91164) | Medium | 2024.12.1 | CWE-862 | CVE-2025-24461 |