In JetBrains TeamCity before 2026.1
2025.11.5 authenticated users could expose server API to unauthorised access
In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents
In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion
In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log
In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows
In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure
In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection
In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters
In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings
In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute
In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations
In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool
In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible
In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible
In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible
In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups
In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page
In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup
In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible
In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack