CVE-2022-24340

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2021.2.1

Description The issue allows for XXE (XML External Entity) attacks during the parsing of the configuration file. This could potentially lead to unauthorized access to sensitive data. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For versions prior to 2021.2.1, update to version 2021.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the configuration file to minimize the risk of exploitation.