JetBrains ≫ Teamcity

In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible.

In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible.

In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly.

In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages.

In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible.

In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible.

Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had Insecure Permissions.

In the TeamCity IntelliJ plugin before 2020.2.2.85899, DoS was possible.

In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page.

In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file.