Teamcity | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Kategori: Teamcity - CVE listesi
PRODUCT 51 kayıt
Low CVSS: 2.3

CVE-2026-28196

In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk
Medium CVSS: 4.3

CVE-2026-28195

In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations
Medium CVSS: 4.3

CVE-2026-28194

In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow
Medium CVSS: 5.4

CVE-2025-68268

In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page
Medium CVSS: 6.5

CVE-2025-68267

In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token
Medium CVSS: 5.4

CVE-2025-68166

In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab
Medium CVSS: 5.4

CVE-2025-68165

In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup
Low CVSS: 2.7

CVE-2025-68164

In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test
Low CVSS: 3.5

CVE-2025-68163

In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page
Low CVSS: 2.7

CVE-2025-68162

In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration
Low CVSS: 3.8

CVE-2025-67742

In JetBrains TeamCity before 2025.11 path traversal was possible via file upload
Medium CVSS: 4.6

CVE-2025-67741

In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute
Low CVSS: 2.7

CVE-2025-67740

In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata
Low CVSS: 3.1

CVE-2025-67739

In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure
High CVSS: 7.7

CVE-2025-59457

In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows
Medium CVSS: 5.5

CVE-2025-59456

In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload
Medium CVSS: 4.2

CVE-2025-59455

In JetBrains TeamCity before 2025.07.2 project isolation bypass was possible due to race condition
Medium CVSS: 4.3

CVE-2025-57734

In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files
Medium CVSS: 5.5

CVE-2025-57733

In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content
High CVSS: 7.5

CVE-2025-57732

In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership