Stored XSS Vulnerability in JetBrains TeamCity Software
CVE-2023-34220

5.4MEDIUM

Key Information:

Vendor

JetBrains

Status
Vendor
CVE Published:
31 May 2023

What is CVE-2023-34220?

A vulnerability in JetBrains TeamCity prior to version 2023.05 allows for stored Cross-Site Scripting (XSS) within the Commit Status Publisher window. This flaw can be exploited by attackers to inject malicious scripts that affect users interacting with affected components, potentially leading to unauthorized actions and compromised data integrity.

Affected Version(s)

TeamCity 0 < 2023.05

References

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.