Open Redirect Vulnerability in JetBrains TeamCity Product
CVE-2023-34224

4.8MEDIUM

Key Information:

Vendor: JetBrains
Status: TeamCity
Vendor: CVE Published:; 31 May 2023

What is CVE-2023-34224?

An open redirect vulnerability was identified in JetBrains TeamCity prior to version 2023.05. This flaw occurs during the oAuth configuration process, enabling attackers to manipulate redirect URLs. By exploiting this issue, unauthorized users can gain access to sensitive resources, potentially compromising user credentials and system integrity. It is crucial for users of the affected versions to update their software to mitigate this vulnerability.

Affected Version(s)

TeamCity 0 < 2023.05

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 31, 2023
Vulnerability Reserved
May 31, 2023