Exposure of TeamCity
CI43
exposure score
1
sites use
3
exploited
4
critical
CVEs
176 resultsCVE-2023-34227MEDIUMIn JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacksEPSS 0.5%CVE-2015-1313—JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request daEPSS 0.5%CVE-2024-36362MEDIUMIn JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal allowing to read files from server was posEPSS 0.5%CVE-2024-31139MEDIUMIn JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detectorEPSS 0.5%CVE-2024-31135MEDIUMIn JetBrains TeamCity before 2024.03 open redirect was possible on the login pageEPSS 0.5%CVE-2022-46830MEDIUMIn JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.EPSS 0.5%CVE-2024-36470HIGHIn JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge casesEPSS 0.5%CVE-2022-46831MEDIUMIn JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity projectEPSS 0.4%CVE-2022-29928MEDIUMIn JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possibleEPSS 0.4%CVE-2025-46433MEDIUMIn JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possibleEPSS 0.4%CVE-2022-44622LOWIn JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessiveEPSS 0.4%CVE-2022-29929LOWIn JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possibleEPSS 0.4%CVE-2024-31134MEDIUMIn JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registratioEPSS 0.4%CVE-2024-31140MEDIUMIn JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing toolsEPSS 0.4%CVE-2023-38067MEDIUMIn JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent logEPSS 0.4%CVE-2023-38064MEDIUMIn JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent logEPSS 0.4%CVE-2026-49373HIGHIn JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settingsEPSS 0.4%CVE-2024-41827HIGHIn JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expirationEPSS 0.4%CVE-2025-67741MEDIUMIn JetBrains TeamCity before 2025.11 stored XSS was possible via session attributeEPSS 0.4%CVE-2023-34228MEDIUMIn JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actionsEPSS 0.4%
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →