Exposure of TeamCity
CI43
exposure score
1
sites use
3
exploited
4
critical
CVEs
176 resultsCVE-2023-50870MEDIUMIn JetBrains TeamCity before 2023.11.1 a CSRF on login was possibleEPSS 0.3%CVE-2023-41250LOWIn JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registrationEPSS 0.3%CVE-2025-31141LOWIn JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles pageEPSS 0.3%CVE-2022-48342MEDIUMIn JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on agents.EPSS 0.3%CVE-2023-41248MEDIUMIn JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configurationEPSS 0.3%CVE-2024-41826LOWIn JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection pageEPSS 0.3%CVE-2024-24936MEDIUMIn JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missedEPSS 0.3%CVE-2024-56353MEDIUMIn JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookiesEPSS 0.3%CVE-2024-47161MEDIUMIn JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST APIEPSS 0.3%CVE-2025-24461MEDIUMIn JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpointEPSS 0.3%CVE-2024-41824MEDIUMIn JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific casesEPSS 0.3%CVE-2024-56354MEDIUMIn JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permissionEPSS 0.3%CVE-2024-56351MEDIUMIn JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user rolesEPSS 0.3%CVE-2024-35300LOWIn JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page were possibleEPSS 0.3%CVE-2022-40979MEDIUMIn JetBrains TeamCity before 2022.04.4 environmental variables of "password" type could be logged when using custom Perforce executableEPSS 0.3%CVE-2024-39879MEDIUMIn JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settingsEPSS 0.3%CVE-2025-52878MEDIUMIn JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissionsEPSS 0.3%CVE-2026-49372HIGHIn JetBrains TeamCity before 2026.1,
2025.11.5 unauthenticated SSRF via build status was possibleEPSS 0.3%CVE-2024-41828LOWIn JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant timeEPSS 0.3%CVE-2024-36365MEDIUMIn JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a third-party agent could impersonate a cloud agentEPSS 0.3%
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →