Exposición de TeamCity
CI43
score de exposición
1
sitios usan
3
en explotación
4
críticos
CVEs
176 resultadosCVE-2025-26492HIGHIn JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resourcesEPSS 0.4%CVE-2022-38133LOWIn JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some casesEPSS 0.4%CVE-2025-59455MEDIUMIn JetBrains TeamCity before 2025.07.2 project isolation bypass was possible due to race conditionEPSS 0.4%CVE-2024-36378MEDIUMIn JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokensEPSS 0.4%CVE-2024-31137MEDIUMIn JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configurationEPSS 0.4%CVE-2022-48344MEDIUMIn JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability in the group creation process.EPSS 0.4%CVE-2024-24937MEDIUMIn JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possibleEPSS 0.4%CVE-2022-44646LOWIn JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settingsEPSS 0.4%CVE-2023-34219MEDIUMIn JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration seEPSS 0.4%CVE-2025-26493MEDIUMIn JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tabEPSS 0.3%CVE-2023-34224MEDIUMIn JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possibleEPSS 0.3%CVE-2024-36375MEDIUMIn JetBrains TeamCity before 2024.03.2 technical information regarding TeamCity server could be exposedEPSS 0.3%CVE-2024-43809LOWIn JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset pageEPSS 0.3%CVE-2024-41829LOWIn JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connectionEPSS 0.3%CVE-2023-39173MEDIUMIn JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account accessEPSS 0.3%CVE-2024-28174MEDIUMIn JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperlyEPSS 0.3%CVE-2024-36376MEDIUMIn JetBrains TeamCity before 2024.03.2 users could perform actions that should not be available to them based on their permissionsEPSS 0.3%CVE-2024-36364MEDIUMIn JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisherEPSS 0.3%CVE-2024-36377MEDIUMIn JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissionsEPSS 0.3%CVE-2024-43807MEDIUMIn JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds pageEPSS 0.3%
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →