PT-2024-3856 · Jetbrains · Teamcity
Published
2024-05-29
·
Updated
2024-05-31
·
CVE-2024-36470
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
JetBrains TeamCity versions prior to 2022.04.7
JetBrains TeamCity versions prior to 2022.10.6
JetBrains TeamCity versions prior to 2023.05.6
JetBrains TeamCity versions prior to 2023.11.5
Description
The issue is related to an authentication bypass in the JetBrains TeamCity system, which can be exploited by using an alternative path or channel. This allows a remote attacker to bypass authentication procedures and potentially elevate their privileges. The vulnerability can be exploited in specific edge cases.
Recommendations
For versions prior to 2022.04.7, update to version 2022.04.7 or later.
For versions prior to 2022.10.6, update to version 2022.10.6 or later.
For versions prior to 2023.05.6, update to version 2023.05.6 or later.
For versions prior to 2023.11.5, update to version 2023.11.5 or later.
Fix
Missing Authentication
Authentication Bypass Using an Alternate Path or Channel
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Teamcity