cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-56353,https://securityvulnerability.io/vulnerability/CVE-2024-56353,Credential Exposure Vulnerability in JetBrains TeamCity,"CVE-2024-56353 describes a critical vulnerability found in JetBrains TeamCity versions prior to 2024.12. This issue arises due to the exposure of user credentials and session cookies within backup files, potentially allowing unauthorized access to sensitive user accounts and data. Organizations using affected versions of TeamCity are strongly advised to review their backup security configurations and update to the latest version to mitigate this vulnerability.",JetBrains,Teamcity,6.5,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2024-12-20T15:15:00.000Z,0
CVE-2024-56355,https://securityvulnerability.io/vulnerability/CVE-2024-56355,Cross-Site Scripting Vulnerability in JetBrains TeamCity,"CVE-2024-56355 identifies a critical cross-site scripting (XSS) vulnerability in JetBrains TeamCity prior to version 2024.12. The flaw arises from a missing Content-Type header in the response of the RemoteBuildLogController, allowing attackers to inject malicious scripts into web pages viewed by TeamCity users. This vulnerability could lead to unauthorized access to sensitive information or session hijacking. It is crucial for administrators and users to update their systems to mitigate the risks associated with this vulnerability.",JetBrains,Teamcity,5.4,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-12-20T15:15:00.000Z,0
CVE-2024-56354,https://securityvulnerability.io/vulnerability/CVE-2024-56354,Sensitive Data Exposure Vulnerability in JetBrains TeamCity,"CVE-2024-56354 is a high-severity security vulnerability affecting JetBrains TeamCity prior to version 2024.12. This vulnerability allows users granted the 'view settings' permission to access sensitive information, specifically the values contained in password fields. Such unauthorized access could lead to significant security risks, including credential leakage and potential compromise of systems. Users are strongly advised to update to the latest version to mitigate this issue and safeguard their sensitive data.",JetBrains,Teamcity,4.9,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2024-12-20T15:15:00.000Z,0
CVE-2024-56350,https://securityvulnerability.io/vulnerability/CVE-2024-56350,Unauthorized Project Access in JetBrains TeamCity,"A significant security flaw has been identified in JetBrains TeamCity versions prior to 2024.12, which permits unauthorized users to view project details without appropriate permissions. This vulnerability poses a serious risk to data confidentiality and can facilitate further attacks if exploited. Organizations utilizing affected versions of TeamCity should prioritize applying the latest security updates to safeguard their projects against unauthorized access.",JetBrains,Teamcity,4.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-12-20T15:15:00.000Z,0
CVE-2024-56356,https://securityvulnerability.io/vulnerability/CVE-2024-56356,Insecure XML Parser Configuration in JetBrains TeamCity,"CVE-2024-56356 pertains to a security vulnerability found in JetBrains TeamCity prior to version 2024.12, where an insecure XML parser configuration may permit unauthorized manipulation of XML data. This misconfiguration can result in an XML External Entity (XXE) attack, potentially leading to exposure of sensitive information and unauthorized system access. Users of TeamCity are highly encouraged to upgrade to the latest version to mitigate this risk and ensure the security of their CI/CD pipelines.",JetBrains,Teamcity,7.1,HIGH,0.0004900000058114529,false,false,false,false,,false,false,2024-12-20T15:15:00.000Z,0
CVE-2024-56352,https://securityvulnerability.io/vulnerability/CVE-2024-56352,Stored XSS Vulnerability in JetBrains TeamCity Affecting Agent Details Page,"CVE-2024-56352 exposes JetBrains TeamCity to a stored cross-site scripting (XSS) vulnerability. This flaw allows an attacker to inject malicious scripts through manipulated image names on the agent details page. When this page is accessed, the embedded scripts can execute in the context of the user's session, potentially leading to unauthorized actions or data exposure. Organizations using affected TeamCity versions should prioritize applying available security updates to mitigate the risk.",JetBrains,Teamcity,5.4,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-12-20T15:15:00.000Z,0
CVE-2024-56349,https://securityvulnerability.io/vulnerability/CVE-2024-56349,Access Control Flaw in JetBrains TeamCity Exposes Build Logs,"CVE-2024-56349 is a significant access control vulnerability identified in JetBrains TeamCity versions prior to 2024.12. This flaw permits unauthorized users to modify build logs, potentially leading to security breaches and manipulation of build information. As this access control failure can enable malicious actors to alter critical build processes and outputs, it poses a serious risk to the integrity and reliability of applications using TeamCity for continuous integration and deployment. It is vital for organizations using affected versions of TeamCity to apply relevant security patches and updates promptly.",JetBrains,Teamcity,5.3,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-12-20T15:15:00.000Z,0
CVE-2024-56348,https://securityvulnerability.io/vulnerability/CVE-2024-56348,Improper Access Control Vulnerability in JetBrains TeamCity,"CVE-2024-56348 is a critical security vulnerability found in JetBrains TeamCity versions prior to 2024.12. The flaw arises from improper access control mechanisms that permit unauthorized users to view sensitive information related to agents that should be restricted. This vulnerability poses a significant risk as it could potentially lead to the exposure of confidential information and compromise the integrity of the TeamCity environment. Users are strongly advised to update to version 2024.12 or later to mitigate this security risk. For more details and updates, refer to the JetBrains security issue tracker.",JetBrains,Teamcity,4.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-12-20T15:15:00.000Z,0
CVE-2024-56351,https://securityvulnerability.io/vulnerability/CVE-2024-56351,Access Token Management Flaw in JetBrains TeamCity,"CVE-2024-56351 identifies a significant security vulnerability in JetBrains TeamCity up to version 2024.11, where access tokens remain active even after a user’s roles are revoked. This oversight allows malicious actors to maintain unauthorized access to sensitive functions and data within the application, leading to potential data breaches or manipulation. Users of affected versions are strongly urged to apply the latest security updates to mitigate the risks associated with this vulnerability, as it poses a serious threat to the integrity of user access controls.",JetBrains,Teamcity,8.8,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-12-20T15:15:00.000Z,0
CVE-2024-47951,https://securityvulnerability.io/vulnerability/CVE-2024-47951,Server-Side XSS Vulnerability in TeamCity Before 2024.07.3,A stored cross-site scripting (XSS) vulnerability in JetBrains TeamCity allows attackers to inject malicious scripts via server global settings. This could result in unauthorized access and manipulation of user data. Users are advised to update to version 2024.07.3 or later to mitigate this security risk.,Jetbrains,Teamcity,5.4,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-10-08T15:48:16.659Z,0
CVE-2024-47950,https://securityvulnerability.io/vulnerability/CVE-2024-47950,XSS vulnerability in Backup configuration settings,In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings,Jetbrains,Teamcity,5.4,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-10-08T15:48:16.097Z,0
CVE-2024-47949,https://securityvulnerability.io/vulnerability/CVE-2024-47949,Backup file write vulnerability in TeamCity before 2024.07.3,"A path traversal vulnerability in JetBrains TeamCity prior to version 2024.07.3 permits unauthorized access, allowing attackers to write backup files to arbitrary locations within the filesystem. This flaw stems from insufficient validation of file paths, potentially leading to data exposure or system compromise. Users are advised to upgrade to the latest version to mitigate any associated risks and enhance overall security.",Jetbrains,Teamcity,7.5,HIGH,0.0004799999878741801,false,false,false,false,,false,false,2024-10-08T15:48:15.267Z,0
CVE-2024-47948,https://securityvulnerability.io/vulnerability/CVE-2024-47948,Backup Bugs Endanger TeamCity Data,"A path traversal vulnerability exists in JetBrains TeamCity, allowing attackers to exploit server backups to access sensitive information. This security flaw affects versions prior to 2024.07.3, whereby an improper validation of user input can lead to unauthorized access to files outside the intended directory structure. Organizations utilizing this software are encouraged to upgrade to the latest version to mitigate any potential risks associated with this vulnerability.",Jetbrains,Teamcity,7.5,HIGH,0.0008999999845400453,false,false,false,false,,false,false,2024-10-08T15:48:14.612Z,0
CVE-2024-47161,https://securityvulnerability.io/vulnerability/CVE-2024-47161,Password Exposure Risk in TeamCity via Sonar Runner REST API,"A security vulnerability has been identified in JetBrains TeamCity that allows for the potential exposure of passwords through the Sonar runner REST API. This issue affects versions of TeamCity released before 2024.07.3, where improper handling of sensitive data may expose user credentials to unauthorized access. Addressing this vulnerability is crucial to maintaining the integrity and security of user systems.",Jetbrains,Teamcity,6.5,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2024-10-08T15:48:13.869Z,0
CVE-2024-43809,https://securityvulnerability.io/vulnerability/CVE-2024-43809,XSS vulnerability in TeamCity agentPushPreset page,In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page,JetBrains,Teamcity,6.1,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-08-16T15:15:00.000Z,0
CVE-2024-43808,https://securityvulnerability.io/vulnerability/CVE-2024-43808,Self-XSS vulnerability in JetBrains TeamCity 2024.07.1 HashiCorp Vault plugin,In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin,JetBrains,Teamcity,5.4,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-08-16T15:15:00.000Z,0
CVE-2024-43807,https://securityvulnerability.io/vulnerability/CVE-2024-43807,Stored XSS vulnerability in TeamCity Clouds page,"A vulnerability exists in JetBrains TeamCity, specifically affecting versions released prior to 2024.07.1. This issue involves multiple stored cross-site scripting (XSS) vulnerabilities present on the Clouds page. Attackers can exploit these vulnerabilities to inject malicious scripts, potentially compromising user data and session integrity. Effective mitigation strategies and updates are essential for maintaining the security of user interactions within the JetBrains TeamCity environment.",JetBrains,Teamcity,5.4,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-08-16T15:15:00.000Z,0
CVE-2024-43810,https://securityvulnerability.io/vulnerability/CVE-2024-43810,XSS vulnerability in TeamCity's AWS Core plugin,In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin,JetBrains,Teamcity,5.4,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-08-16T15:15:00.000Z,0
CVE-2024-43114,https://securityvulnerability.io/vulnerability/CVE-2024-43114,Potential Privilege Escalation in TeamCity Before 2024.07.1,"A privilege escalation vulnerability exists in JetBrains TeamCity versions prior to 2024.07.1, where improper configuration of directory permissions may allow unauthorized users to gain elevated privileges. This flaw could lead to unauthorized access and manipulation of sensitive information, emphasizing the importance of updating to the latest version to mitigate security risks.",Jetbrains,Teamcity,7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-08-06T12:48:25.886Z,0
CVE-2024-41826,https://securityvulnerability.io/vulnerability/CVE-2024-41826,XSS vulnerability found in TeamCity before 2024.07,"A stored XSS vulnerability exists in JetBrains TeamCity prior to version 2024.07, exposing users to potential attacks where harmful scripts can be executed through the Show Connection page. This allows attackers to manipulate the content displayed to users, potentially leading to unauthorized access and exploitation of sensitive data. Users of affected versions are advised to upgrade to the latest release to mitigate these risks and ensure robust web application security.",JetBrains,Teamcity,4.8,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-07-22T15:15:00.000Z,0
CVE-2024-41829,https://securityvulnerability.io/vulnerability/CVE-2024-41829,TeamCity OAuth Code Theft Vulnerability,"In JetBrains TeamCity prior to version 2024.07, a security vulnerability exists that allows for the potential theft of OAuth authentication codes when connected to JetBrains Space. This issue arises from improper handling of OAuth tokens, which could expose sensitive information to attackers, compromising user accounts and associated data. The vulnerability underscores the importance of implementing robust security measures and updating to the latest versions to mitigate risks related to OAuth connections.",JetBrains,Teamcity,7.5,HIGH,0.0008699999889358878,false,false,false,false,,false,false,2024-07-22T15:15:00.000Z,0
CVE-2024-41824,https://securityvulnerability.io/vulnerability/CVE-2024-41824,Password Leaks in TeamCity Build Logs,"In JetBrains TeamCity before 2024.07 parameters of the ""password"" type could leak into the build log in some specific cases",Jetbrains,Teamcity,6.5,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2024-07-22T15:15:00.000Z,0
CVE-2024-41825,https://securityvulnerability.io/vulnerability/CVE-2024-41825,Code Inspection Vulnerability in TeamCity Before 2024.07,In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab,JetBrains,Teamcity,5.4,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-07-22T15:15:00.000Z,0
CVE-2024-41828,https://securityvulnerability.io/vulnerability/CVE-2024-41828,Authorization Token Comparison Took Non-Constant Time in Previous Versions of TeamCity,In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time,JetBrains,Teamcity,6.5,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2024-07-22T15:15:00.000Z,0
CVE-2024-41827,https://securityvulnerability.io/vulnerability/CVE-2024-41827,Access Tokens Persisted After Deletion or Expiration in Previous JetBrains TeamCity Versions,"In JetBrains TeamCity versions prior to 2024.07, an access token vulnerability exists that allows tokens to remain operational even after being deleted or past their expiration date. This flaw can potentially lead to unauthorized access by allowing former tokens to bypass authentication controls, thereby exposing sensitive project data. It's essential for users and organizations utilizing TeamCity to apply the latest updates to ensure security and mitigate risks associated with this vulnerability.",Jetbrains,Teamcity,9.8,CRITICAL,0.000910000002477318,false,false,false,false,,false,false,2024-07-22T14:50:23.371Z,0