CVE-2024-31138

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2024.03

Description The issue is related to the configuration of the agent distribution in the JetBrains TeamCity system, which is a continuous integration and continuous delivery (CI/CD) platform. It allows for cross-site scripting (xSS) attacks due to inadequate protection of the web page structure. This could enable a remote attacker to perform inter-site scripting attacks.

Recommendations For versions prior to 2024.03, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Agent Distribution settings until a patch is available.