PT-2024-9850 · Jetbrains · Jetbrains Teamcity+1
Published
2024-12-20
·
Updated
2025-01-02
·
CVE-2024-56350
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
JetBrains TeamCity versions prior to 2024.12
Description:
The issue is related to a lack of authorization in the JetBrains TeamCity system, which can be exploited by a remote attacker to impact the integrity of protected information. This allows unauthorized viewing of projects due to build credentials not being properly secured.
Recommendations:
For versions prior to 2024.12, update to version 2024.12 or later to resolve the issue. As a temporary workaround, consider restricting access to build credentials to minimize the risk of unauthorized project viewing.
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jetbrains Teamcity
Teamcity