PT-2024-3947 · Jetbrains · Teamcity
Published
2024-05-29
·
Updated
2024-12-16
·
CVE-2024-36362
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:L/Au:S/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
JetBrains TeamCity versions prior to 2022.04.7
JetBrains TeamCity versions prior to 2022.10.6
JetBrains TeamCity versions prior to 2023.05.6
JetBrains TeamCity versions prior to 2023.11.5
JetBrains TeamCity versions prior to 2024.03.2
Description
The issue is related to path traversal errors in the JetBrains TeamCity continuous integration and continuous delivery (CI/CD) system, allowing an attacker to read arbitrary files from the server. This can be exploited by a remote attacker.
Recommendations
For versions prior to 2022.04.7, update to version 2022.04.7 or later.
For versions prior to 2022.10.6, update to version 2022.10.6 or later.
For versions prior to 2023.05.6, update to version 2023.05.6 or later.
For versions prior to 2023.11.5, update to version 2023.11.5 or later.
For versions prior to 2024.03.2, update to version 2024.03.2 or later.
Fix
Path traversal
Relative Path Traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Teamcity