PT-2024-5489 · Jetbrains · Jetbrains Teamcity+1

Published: 2024-07-22 · Updated: 2024-08-07 · CVE-2024-41828

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

JetBrains TeamCity versions prior to 2024.07

Description

The issue is related to a flaw in the authorization procedure of JetBrains TeamCity, a continuous integration and continuous deployment (CI/CD) system. This flaw arises from the non-constant time comparison of authorization tokens, which can be exploited by a remote attacker to impact the confidentiality of protected information.

Recommendations

For versions prior to 2024.07, update to version 2024.07 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the system that rely on authorization tokens until the update can be applied.
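The weakness class named in the Description, shown as an added example (this is not TeamCity code; the token value and the function names are constructed for illustration). It puts an early-exit comparison, instrumented to report how many bytes it examined, beside a comparison whose work does not depend on where the inputs differ.

```python
from __future__ import annotations

import hashlib
import hmac

# Constructed sample value, not a real TeamCity token.
EXPECTED_TOKEN = b"constructed-token-0123456789abcdef"


def leaky_equals(supplied: bytes, expected: bytes) -> tuple[bool, int]:
    """Early-exit comparison. Returns (match, bytes_examined) so the
    data-dependent amount of work is visible without measuring time."""
    if len(supplied) != len(expected):
        return False, 0
    examined = 0
    for a, b in zip(supplied, expected):
        examined += 1
        if a != b:  # stops at the first mismatch: work depends on the secret
            return False, examined
    return True, examined


def constant_time_equals(supplied: bytes, expected: bytes) -> bool:
    """Compare fixed-length SHA-256 digests with hmac.compare_digest: the
    comparison always covers 32 bytes, wherever the inputs differ."""
    return hmac.compare_digest(
        hashlib.sha256(supplied).digest(),
        hashlib.sha256(expected).digest(),
    )


def work_profile(matching_prefix_lengths):
    """Bytes examined by leaky_equals for inputs that agree with the
    expected token on the first n bytes and differ everywhere after."""
    profile = []
    for n in matching_prefix_lengths:
        wrong_tail = bytes(b ^ 0xFF for b in EXPECTED_TOKEN[n:])
        candidate = EXPECTED_TOKEN[:n] + wrong_tail
        profile.append(leaky_equals(candidate, EXPECTED_TOKEN)[1])
    return profile


if __name__ == "__main__":
    print(work_profile([0, 8, 16]))
    print(constant_time_equals(EXPECTED_TOKEN, EXPECTED_TOKEN))
```

When reviewing other token checks for the same pattern, look for plain equality operators or hand-written byte loops on secrets and replace them with the platform's constant-time primitive.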

Related Identifiers

BDU:2024-06138
CVE-2024-41828

Affected Products

Jetbrains Teamcity
Teamcity