PT-2024-2544 · JetBrains · JetBrains TeamCity
Published: 2024-03-27 · Updated: 2024-12-16 · CVE-2024-31134
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions
JetBrains TeamCity versions prior to 2024.03
Description
The issue is an authorization weakness in JetBrains TeamCity, a continuous integration and deployment system. A remote attacker can exploit it to register arbitrary users in the system, even when self-registration is disabled. Authenticated users without administrative permissions could register other users.
Recommendations
For versions prior to 2024.03, update to version 2024.03 or later to resolve the issue. As a temporary workaround, consider disabling the self-registration feature and restricting access to user registration functionality to minimize the risk of unauthorized user creation. Because the description states that users can be registered even when self-registration is disabled, the workaround reduces exposure but does not replace the update.
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Jetbrains Teamcity
Teamcity