In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible
In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload
In JetBrains TeamCity before 2025.11 path traversal was possible via file upload
In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups
In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure
In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows
In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location
In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific cases
In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion
In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows
In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS
In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page
In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs
In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies
In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names
In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration
In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration
Page 1+ Next →