PT-2024-3935 · Jetbrains · Teamcity
Published
2024-05-29
·
Updated
2026-03-02
·
CVE-2024-36366
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
JetBrains TeamCity versions prior to 2022.04.7
JetBrains TeamCity versions prior to 2022.10.6
JetBrains TeamCity versions prior to 2023.05.6
JetBrains TeamCity versions prior to 2023.11.5
Description:
The issue allows for an XSS attack to be executed via certain report grouping and filtering operations. This is due to a lack of protection for the web page structure, which can be exploited by a remote attacker to conduct cross-site scripting attacks.
Recommendations:
For versions prior to 2022.04.7, update to version 2022.04.7 or later.
For versions prior to 2022.10.6, update to version 2022.10.6 or later.
For versions prior to 2023.05.6, update to version 2023.05.6 or later.
For versions prior to 2023.11.5, update to version 2023.11.5 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Teamcity