CVE-2024-36377

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2024.03.2

Description The issue is related to insufficient authorization procedures in JetBrains TeamCity, a continuous integration and continuous delivery (CI/CD) system. This allows a remote attacker to potentially exploit the weakness and elevate their privileges. Certain TeamCity API endpoints did not properly check user permissions.

Recommendations For versions prior to 2024.03.2, update to version 2024.03.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected TeamCity API endpoints until the update is applied.