Fixed security issues

This page contains information about resolved security issues, including description, severity, assigned CVEs, and the product versions in which they were resolved.

ProductDescriptionSeverityResolved InCWECVE
TeamCityReflected XSS was possible on the Vault Connection page (TW-91124)Medium2024.12.1CWE-79CVE-2025-24459
TeamCityImproper access control allowed to see Projects’ names in the agent pool (TW-52375, TW-91367)Medium2024.12.1CWE-863CVE-2025-24460
TeamCityDecryption of connection secrets without proper permissions was possible via Test Connection endpoint (TW-91164)Medium2024.12.1CWE-862CVE-2025-24461
Product
TeamCity
Fix version
2024.12.1