Jetbrains: >> Teamcity >> 2.0 Security Vulnerabilities
In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations
CVSS Score
4.3
EPSS Score
0.0
Published
2026-02-25
In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk
CVSS Score
2.3
EPSS Score
0.0
Published
2026-02-25
In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow
CVSS Score
4.3
EPSS Score
0.0
Published
2026-02-25
In JetBrains TeamCity before 2025.11 port enumeration was possible via the Perforce connection test
CVSS Score
2.7
EPSS Score
0.0
Published
2025-12-16
In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup
CVSS Score
5.4
EPSS Score
0.002
Published
2025-12-16
In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab
CVSS Score
5.4
EPSS Score
0.002
Published
2025-12-16
In JetBrains TeamCity before 2025.11.1 excessive privileges were possible due to storing GitHub personal access token instead of an installation token
CVSS Score
6.5
EPSS Score
0.0
Published
2025-12-16
In JetBrains TeamCity before 2025.11.1 reflected XSS was possible on the storage settings page
CVSS Score
5.4
EPSS Score
0.002
Published
2025-12-16
In JetBrains TeamCity before 2025.11 maven embedder allowed loading extensions via project configuration
CVSS Score
2.7
EPSS Score
0.0
Published
2025-12-16
In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page
CVSS Score
3.5
EPSS Score
0.0
Published
2025-12-16
Page 1