PT-2025-5367 · JetBrains · TeamCity
Published 2025-01-21 · Updated 2025-01-30
CVE-2025-24461
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
JetBrains TeamCity versions prior to 2024.12.1
Description
The issue allows decryption of connection secrets without proper permissions via the "Test Connection" endpoint. This is related to incorrect authorization in the system.
Recommendations
For JetBrains TeamCity versions prior to 2024.12.1, consider disabling the "Test Connection" endpoint until a patch is available. Restrict access to connection secrets to minimize the risk of exploitation.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
TeamCity