In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow
In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration
In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint
In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata
In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible
In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token
In JetBrains TeamCity before 2026.1, 2025.11.5 authenticated users could expose server API to unauthorised access
In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names
In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings
In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection
In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time
In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page
In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible
In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible
In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible
In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow
In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration
In JetBrains TeamCity before 2025.07.1 AWS credentials were exposed in Docker script files
In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS