CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31141
https://notcve.org/view.php?id=CVE-2025-31141
27 Mar 2025 — In JetBrains TeamCity before 2025.03 exception could lead to credential leakage on Cloud Profiles page • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31140
https://notcve.org/view.php?id=CVE-2025-31140
27 Mar 2025 — In JetBrains TeamCity before 2025.03 stored XSS was possible on Cloud Profiles page • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31139
https://notcve.org/view.php?id=CVE-2025-31139
27 Mar 2025 — In JetBrains TeamCity before 2025.03 base64 encoded password could be exposed in build log • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26492
https://notcve.org/view.php?id=CVE-2025-26492
11 Feb 2025 — In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26493
https://notcve.org/view.php?id=CVE-2025-26493
11 Feb 2025 — In JetBrains TeamCity before 2024.12.2 several DOM-based XSS were possible on the Code Inspection Report tab • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24461
https://notcve.org/view.php?id=CVE-2025-24461
21 Jan 2025 — In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24460
https://notcve.org/view.php?id=CVE-2025-24460
21 Jan 2025 — In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-863: Incorrect Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24459
https://notcve.org/view.php?id=CVE-2025-24459
21 Jan 2025 — In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56356
https://notcve.org/view.php?id=CVE-2024-56356
20 Dec 2024 — In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 0CVE-2024-56355
https://notcve.org/view.php?id=CVE-2024-56355
20 Dec 2024 — In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS • https://www.jetbrains.com/privacy-security/issues-fixed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •