In JetBrains TeamCity before 2025.07 a CSRF was possible on the GraphQL endpoint
In JetBrains TeamCity before 2025.07 a CSRF was possible in the external OAuth login integration
In JetBrains TeamCity before 2025.07 a CSRF was possible in the GitHub App connection flow
In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab
In JetBrains TeamCity before 2026.1, 2025.11.5 authenticated users could expose server API to unauthorised access
In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin
In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible
In JetBrains TeamCity before 2025.03.2 stored XSS via Jira integration was possible
In JetBrains TeamCity before 2025.03.2 stored XSS via GitHub Checks Webhook was possible
In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin
In JetBrains TeamCity before 2024.07 stored XSS was possible on the Show Connection page
In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata
In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration
In JetBrains TeamCity before 2025.03.2 stored XSS via YouTrack integration was possible
In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow
In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible
In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion
In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page
In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible