PT-2024-2449 · JetBrains · TeamCity

Published: 2024-03-28 · Updated: 2024-12-16 · CVE-2024-31136

CVSS v3.1: 7.4 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

JetBrains TeamCity versions prior to 2024.03

Description

The issue is related to improper validation in JetBrains TeamCity, allowing an attacker to bypass 2FA by providing a special URL parameter. This could potentially allow a remote attacker to elevate their privileges. The vulnerability is associated with incorrect input data consistency checks.

Recommendations

For versions prior to 2024.03, update to version 2024.03 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation. Avoid using specially crafted URL parameters in the affected application until the issue is resolved.

Fix

Weakness Enumeration

Related Identifiers

BDU:2024-02404
CVE-2024-31136

Affected Products

TeamCity