CVE-2024-36374

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2024.03.2

Description The issue is related to a configuration vulnerability in the JetBrains TeamCity CI/CD system, specifically concerning the lack of protection for the web page structure. This could allow a remote attacker to conduct cross-site scripting attacks. The vulnerability is exploited through stored XSS via build step settings.

Recommendations For versions prior to 2024.03.2, update to version 2024.03.2 or later to resolve the issue. As a temporary workaround, consider restricting access to build step settings to minimize the risk of exploitation.