CVE-2024-36368

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2022.04.7 JetBrains TeamCity versions prior to 2022.10.6 JetBrains TeamCity versions prior to 2023.05.6 JetBrains TeamCity versions prior to 2023.11.5

Description The issue exists due to insufficient protection of the web page structure in the continuous integration and delivery system (CI/CD) JetBrains TeamCity. Exploitation of this issue may allow a remote attacker to conduct cross-site scripting attacks via the OAuth provider configuration.

Recommendations For versions prior to 2022.04.7, update to version 2022.04.7 or later. For versions prior to 2022.10.6, update to version 2022.10.6 or later. For versions prior to 2023.05.6, update to version 2023.05.6 or later. For versions prior to 2023.11.5, update to version 2023.11.5 or later. As a temporary workaround, consider restricting access to the OAuth provider configuration until a patch is available.