CVE-2024-35301

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2024.03.1

Description The issue is related to the commit status publisher in JetBrains TeamCity not checking the project scope of the GitHub App token, which can lead to incorrect handling of insufficient permissions or privileges. This can allow a remote attacker to execute arbitrary code.

Recommendations For versions prior to 2024.03.1, update to version 2024.03.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the GitHub App token to minimize the risk of exploitation.