Open Redirect Vulnerability in JetBrains TeamCity Product
CVE-2023-34224

4.8MEDIUM

Key Information:

Vendor
JetBrains
Status
TeamCity
Vendor
CVE Published:
31 May 2023

Summary

An open redirect vulnerability was identified in JetBrains TeamCity prior to version 2023.05. This flaw occurs during the oAuth configuration process, enabling attackers to manipulate redirect URLs. By exploiting this issue, unauthorized users can gain access to sensitive resources, potentially compromising user credentials and system integrity. It is crucial for users of the affected versions to update their software to mitigate this vulnerability.

Affected Version(s)

TeamCity 0 < 2023.05

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.