PT-2024-9852 · JetBrains · JetBrains TeamCity

Published: 2024-12-20 · Updated: 2025-01-02 · CVE-2024-56351

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2024.12
Description: The issue is related to incorrect session expiration in the JetBrains TeamCity CI/CD system. In JetBrains TeamCity, access tokens were not revoked after removing user roles, which could lead to unauthorized access. Exploitation of this issue may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations: For versions prior to 2024.12, update to version 2024.12 or later to ensure access tokens are properly revoked after user roles are removed. As a temporary workaround, consider manually revoking access tokens after removing user roles to minimize the risk of exploitation.

Fix

Insufficient Session Expiration

Weakness Enumeration

Related Identifiers

BDU:2024-11630
CVE-2024-56351

Affected Products

Jetbrains Teamcity
Teamcity