Password Parameter Exposure in JetBrains TeamCity
CVE-2023-38067

4.3MEDIUM

Key Information:

Vendor

Jetbrains

Status
Vendor
CVE Published:
12 July 2023

What is CVE-2023-38067?

In JetBrains TeamCity versions prior to 2023.05.1, a vulnerability allowed sensitive information, specifically parameters of the 'password' type, to be unintentionally written to agent logs. This exposure of confidential data poses a risk to user credentials and authentication integrity, potentially enabling unauthorized access to sensitive systems.

Affected Version(s)

TeamCity 0 < 2023.05.1

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.