In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page
In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission
In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters
In JetBrains TeamCity before 2026.1
2025.11.5 authenticated users could expose server API to unauthorised access
In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows
In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" command
In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion
In JetBrains TeamCity before 2026.1,
2025.11.5 unauthenticated SSRF via build status was possible
In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots
In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API
In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack
In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS
In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection
In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible
In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload
In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log
In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time
In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration
In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms