In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token
In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time
In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API
In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection
In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration
In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions
In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects
In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata
In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible
In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations
In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS
In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership
In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions
In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack
In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents
In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings
In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration
In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration