Exposure of TeamCity
CI43
exposure score
1
sites use
3
exploited
4
critical
CVEs
176 resultsCVE-2024-36366MEDIUMIn JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via certain report grouping and filtering oEPSS 0.3%CVE-2024-39878MEDIUMIn JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App ConnectionEPSS 0.3%CVE-2025-54531HIGHIn JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on WindowsEPSS 0.3%CVE-2024-41825MEDIUMIn JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tabEPSS 0.3%CVE-2024-43810MEDIUMIn JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core pluginEPSS 0.3%CVE-2024-56348MEDIUMIn JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agentsEPSS 0.3%CVE-2024-56350MEDIUMIn JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projectsEPSS 0.3%CVE-2024-56349MEDIUMIn JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logsEPSS 0.3%CVE-2024-35302MEDIUMIn JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possibleEPSS 0.3%CVE-2024-36367MEDIUMIn JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via third-party reports was possibleEPSS 0.3%CVE-2024-36372MEDIUMIn JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possibleEPSS 0.3%CVE-2024-36370MEDIUMIn JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was possibleEPSS 0.3%CVE-2024-36374MEDIUMIn JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possibleEPSS 0.3%CVE-2024-36373MEDIUMIn JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possibleEPSS 0.3%CVE-2024-36368MEDIUMIn JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 reflected XSS via OAuth provider configuration was possibleEPSS 0.3%CVE-2024-36369MEDIUMIn JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via issue tracker integration was possibleEPSS 0.3%CVE-2024-36363MEDIUMIn JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several Stored XSS in code inspection reports were possibleEPSS 0.3%CVE-2024-35301MEDIUMIn JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App tokenEPSS 0.3%CVE-2025-57733MEDIUMIn JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email contentEPSS 0.3%CVE-2025-24460MEDIUMIn JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent poolEPSS 0.3%
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →