XSS Vulnerability in JetBrains TeamCity Plugin Vendor URL
CVE-2023-34222
6.1 MEDIUM
What is CVE-2023-34222?
The reported vulnerability in JetBrains TeamCity allows for potential Cross-Site Scripting (XSS) attacks through the Plugin Vendor URL. This issue could enable malicious actors to inject and execute harmful scripts, putting user data and application integrity at risk. Users and administrators are advised to upgrade to the latest version, released in May 2023, to mitigate these risks.
Affected Version(s)
TeamCity: all versions before 2023.05
EPSS Score
30% chance of being exploited in the next 30 days.
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved