XSS Vulnerability in JetBrains TeamCity Plugin Vendor URL
CVE-2023-34222

6.1MEDIUM

Key Information:

Vendor: JetBrains
Status: TeamCity
Vendor: CVE Published:; 31 May 2023

What is CVE-2023-34222?

The reported vulnerability in JetBrains TeamCity allows for potential Cross-Site Scripting (XSS) attacks through the Plugin Vendor URL. This issue could enable malicious actors to inject and execute harmful scripts, putting user data and application integrity at risk. Users and administrators are advised to upgrade to the latest version, released in May 2023, to mitigate these risks.

Affected Version(s)

TeamCity 0 < 2023.05

References

https://www.jetbrains.com/privacy-security/issues-fixed/

EPSS Score

30% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 31, 2023
Vulnerability Reserved
May 31, 2023