PT-2022-27989 · Jetbrains · Teamcity
Published
2022-12-08
·
Updated
2022-12-12
·
CVE-2022-46831
CVSS v3.1
6.6
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
JetBrains TeamCity versions 2022.10 through 2022.10.1
Description
The issue allows TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators when connecting to AWS using the "Default Credential Provider Chain".
Recommendations
For versions 2022.10 through 2022.10.1, update to a version outside of this range to mitigate the risk.
As a temporary workaround, consider restricting access to AWS resources for project administrators until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Teamcity