Stored XSS in JetBrains TeamCity Affects Cloud Profiles Configuration
CVE-2023-41248

4.6MEDIUM

Key Information:

Vendor

Jetbrains

Status
Vendor
CVE Published:
25 August 2023

What is CVE-2023-41248?

A stored cross-site scripting vulnerability exists in JetBrains TeamCity affecting the configuration of Cloud Profiles. This issue allows an attacker to inject malicious scripts into the affected environment, potentially jeopardizing the security of user sessions and impacting the integrity of the application. Users of versions prior to 2023.05.3 should update promptly to mitigate the risk associated with this vulnerability.

Affected Version(s)

TeamCity 0 < 2023.05.3

References

CVSS V3.1

Score:
4.6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.