XSS Vulnerability in JetBrains TeamCity Plugin Vendor URL
CVE-2023-34222

6.1MEDIUM

Key Information:

Vendor

JetBrains

Status
Vendor
CVE Published:
31 May 2023

What is CVE-2023-34222?

The reported vulnerability in JetBrains TeamCity allows for potential Cross-Site Scripting (XSS) attacks through the Plugin Vendor URL. This issue could enable malicious actors to inject and execute harmful scripts, putting user data and application integrity at risk. Users and administrators are advised to upgrade to the latest version, released in May 2023, to mitigate these risks.

Affected Version(s)

TeamCity 0 < 2023.05

References

EPSS Score

30% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.