📦 Teamcity
by Jetbrains
🔍 What is Teamcity?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
CVE-2024-27198 is an authentication bypass vulnerability in JetBrains TeamCity CI/CD servers that allows unauthenticated attackers to perform administrative actions. This affects all TeamCity servers ...
This critical vulnerability in JetBrains TeamCity allows attackers to bypass authentication mechanisms and achieve remote code execution (RCE) on affected servers. Organizations using TeamCity version...
CVE-2023-42793 is a critical authentication bypass vulnerability in JetBrains TeamCity CI/CD servers that allows unauthenticated attackers to execute arbitrary code remotely. This affects all organiza...
This vulnerability in JetBrains TeamCity allows attackers to bypass permission checks and perform administrative actions without proper authorization. It affects all TeamCity installations running ver...
This vulnerability allows XML External Entity (XXE) attacks during configuration file parsing in JetBrains TeamCity. Attackers can read arbitrary files from the server, potentially leading to sensitiv...
This vulnerability in JetBrains TeamCity allows attackers to impersonate users through GitLab authentication flaws. It affects TeamCity instances using GitLab authentication before version 2021.1.4. A...
This vulnerability allows clickjacking attacks by missing X-Frame-Options headers in JetBrains TeamCity instances. Attackers can embed vulnerable pages in iframes to trick users into performing uninte...
This vulnerability allows remote attackers to execute arbitrary code on JetBrains TeamCity servers by exploiting the agent push functionality. It affects all TeamCity installations before version 2021...
This vulnerability in JetBrains TeamCity allows attackers to bypass permission checks in the Agent Push functionality, potentially enabling unauthorized code execution or system compromise. It affects...
CVE-2021-37544 is an insecure deserialization vulnerability in JetBrains TeamCity that allows remote attackers to execute arbitrary code on affected servers. This affects TeamCity installations before...
This vulnerability allows attackers to execute arbitrary code on JetBrains TeamCity servers running on Windows. It affects TeamCity installations before version 2020.2.4 on Windows operating systems, ...
This vulnerability allows remote attackers to execute arbitrary code on JetBrains TeamCity servers by injecting malicious arguments. It affects all TeamCity installations before version 2020.2.3. Atta...
This vulnerability in JetBrains TeamCity allows attackers to leak credentials on Windows systems due to insufficient Git URL validation. It affects TeamCity installations on Windows where Git reposito...
This vulnerability in JetBrains TeamCity allows attackers to escalate privileges due to incorrect directory permissions. It affects all TeamCity installations before version 2025.07. Attackers could g...
This vulnerability in JetBrains TeamCity allows attackers to access sensitive Kubernetes resources due to improper connection settings. Organizations using TeamCity with Kubernetes integration are aff...
This vulnerability in JetBrains TeamCity allows attackers to escalate privileges due to incorrect directory permissions. It affects all TeamCity installations before version 2024.07.1. Attackers could...
This vulnerability allows access tokens in JetBrains TeamCity to remain functional after they have been deleted or expired, creating an authentication bypass. Any TeamCity server with access tokens co...
This CVE describes an authentication bypass vulnerability in JetBrains TeamCity CI/CD servers. Attackers could potentially gain unauthorized access to TeamCity instances in specific edge cases. Organi...
This vulnerability allows attackers to bypass two-factor authentication (2FA) in JetBrains TeamCity by using a special URL parameter. It affects all TeamCity instances with 2FA enabled that are runnin...
This vulnerability in JetBrains TeamCity allows environment variables marked as 'password' type to be logged in certain cases, potentially exposing sensitive credentials. It affects TeamCity installat...
This vulnerability in JetBrains TeamCity allows attackers to exploit a race condition during agent registration via XML-RPC, potentially enabling unauthorized agent registration or privilege escalatio...
This vulnerability in JetBrains TeamCity allows attackers to inject malicious URLs that can lead to Cross-Site Request Forgery (CSRF) attacks. It affects TeamCity servers running versions before 2021....
This vulnerability in JetBrains TeamCity allows attackers to access sensitive information through the Docker Registry connection dialog. It affects TeamCity instances before version 2021.1. The inform...
JetBrains TeamCity versions before 2021.1 could store passwords in cleartext within version control systems (VCS). This vulnerability allows attackers with access to VCS repositories to obtain sensiti...
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in JetBrains TeamCity that allows attackers to make unauthorized requests from the server to internal systems. It affects TeamCity...
CVE-2021-31912 is an account takeover vulnerability in JetBrains TeamCity where attackers could potentially hijack user accounts during password reset processes. This affects organizations running Tea...
This vulnerability in the TeamCity IntelliJ plugin allows denial-of-service attacks by crashing the plugin or IDE. It affects developers using IntelliJ IDEA with the TeamCity plugin installed. The vul...
This CVE describes a missing authorization vulnerability in JetBrains TeamCity where project developers can add parameters to build configurations without proper permission checks. This affects TeamCi...
JetBrains TeamCity versions before 2025.11 contain a reflected cross-site scripting (XSS) vulnerability in the VCS Root setup interface. This allows attackers to inject malicious scripts that execute ...
This DOM-based cross-site scripting (XSS) vulnerability in JetBrains TeamCity allows attackers to inject malicious scripts into the OAuth connections tab. When exploited, it could enable session hijac...
JetBrains TeamCity versions before 2025.11.1 stored GitHub personal access tokens instead of installation tokens, granting excessive privileges. This vulnerability allows attackers with access to thes...
This vulnerability allows attackers to inject malicious scripts into the JetBrains TeamCity storage settings page, which are then executed in victims' browsers when they view the page. It affects all ...
This stored cross-site scripting (XSS) vulnerability in JetBrains TeamCity allows attackers to inject malicious scripts into session attributes that persist and execute when other users view affected ...
This CVE describes a project isolation bypass vulnerability in JetBrains TeamCity due to a race condition. Attackers could potentially access or modify project data they shouldn't have permission to v...
This vulnerability allows attackers to perform path traversal attacks during project archive uploads in JetBrains TeamCity, potentially enabling unauthorized file access or manipulation. Organizations...
This CVE describes an SMTP injection vulnerability in JetBrains TeamCity that allows attackers to modify email content sent by the application. Attackers could potentially alter email headers, body co...
This vulnerability exposes AWS credentials in Docker script files within JetBrains TeamCity CI/CD servers. Attackers who gain access to these files could potentially use the credentials to access AWS ...
This vulnerability in JetBrains TeamCity allows passwords to be exposed via command line arguments when using the 'hg pull' command. Attackers with access to process listings could potentially capture...
This vulnerability allows reflected cross-site scripting (XSS) attacks on JetBrains TeamCity's agentpushPreset page. Attackers can inject malicious scripts that execute in users' browsers when they vi...
This Cross-Site Request Forgery (CSRF) vulnerability in JetBrains TeamCity allows attackers to trick authenticated users into performing unintended GraphQL operations. Attackers could modify data or p...
This vulnerability in JetBrains TeamCity allows unauthorized users to access sensitive build configuration settings through snapshot dependencies. It affects organizations using TeamCity for CI/CD pip...
A Cross-Site Request Forgery (CSRF) vulnerability in JetBrains TeamCity's GitHub App connection flow allows attackers to trick authenticated users into performing unauthorized actions. This affects Te...
This vulnerability allows reflected cross-site scripting (XSS) attacks on the favoriteIcon page in JetBrains TeamCity. Attackers can inject malicious scripts that execute in users' browsers when they ...
This vulnerability in JetBrains TeamCity exposes usernames to users who lack proper permissions to view them. It affects organizations using TeamCity for CI/CD pipelines where user enumeration could r...
This stored cross-site scripting (XSS) vulnerability in JetBrains TeamCity allows attackers to inject malicious scripts via GitHub Checks Webhooks. When exploited, these scripts execute in the context...
This vulnerability allows attackers to inject malicious scripts into JetBrains TeamCity's Jira integration interface, which are then stored and executed when other users view the affected pages. It af...
This vulnerability in JetBrains TeamCity allows attackers to bypass path validation in the loggingPreset parameter, potentially enabling unauthorized file access or manipulation. It affects all TeamCi...
This stored cross-site scripting (XSS) vulnerability in JetBrains TeamCity allows attackers to inject malicious scripts into the Cloud Profiles page. When other users view the compromised page, the sc...
Multiple DOM-based cross-site scripting (XSS) vulnerabilities exist in JetBrains TeamCity's Code Inspection Report tab. These allow attackers to inject malicious scripts that execute in users' browser...
This vulnerability in JetBrains TeamCity allows unauthorized decryption of connection secrets via the Test Connection endpoint. Attackers with access to the endpoint can potentially retrieve sensitive...
This vulnerability allows reflected cross-site scripting (XSS) attacks on the Vault Connection page in JetBrains TeamCity. Attackers can inject malicious scripts that execute in users' browsers when t...
JetBrains TeamCity backup files exposed user credentials and session cookies in versions before 2024.12. This vulnerability allows attackers with access to backup files to steal authentication data. O...
JetBrains TeamCity versions before 2024.12 have a cross-site scripting (XSS) vulnerability in the RemoteBuildLogController due to missing Content-Type headers in responses. This allows attackers to in...
This vulnerability in JetBrains TeamCity allows unauthorized users to modify build logs due to improper access control. It affects organizations using TeamCity for CI/CD pipelines where unauthorized u...
This vulnerability in JetBrains TeamCity allows access tokens to remain valid after user roles are removed, potentially enabling unauthorized access. It affects TeamCity instances before version 2024....
This vulnerability in JetBrains TeamCity allows passwords to be exposed through the Sonar runner REST API. Attackers could potentially retrieve sensitive credentials from improperly configured systems...
This CVE describes a path traversal vulnerability in JetBrains TeamCity that allows attackers to write backup files to arbitrary locations on the server. Attackers could potentially overwrite critical...
This vulnerability in JetBrains TeamCity allows attackers to enumerate open ports on the server when testing Perforce connections. It affects organizations using TeamCity with Perforce integration. Th...
This vulnerability in JetBrains TeamCity allows attackers to load malicious extensions via Maven embedder through project configuration. It affects TeamCity instances with Maven build configurations. ...
This stored cross-site scripting (XSS) vulnerability in JetBrains TeamCity allows attackers to inject malicious scripts into the agentpushInstall page, which are then executed when users view that pag...
This vulnerability in JetBrains TeamCity allows attackers to disclose local file paths through improper repository URL validation. It affects TeamCity servers with repository integrations configured. ...
This vulnerability in JetBrains TeamCity allows improper access control that could expose GitHub App token metadata. It affects organizations using TeamCity CI/CD servers with GitHub App integrations....