Improper Authorization of Presigned URL Generation Requests in S3 Artifact Storage Plugin
CVE-2024-28174

5.8MEDIUM

Key Information:

Vendor: Jetbrains
Status: Teamcity
Vendor: CVE Published:; 6 March 2024

What is CVE-2024-28174?

The JetBrains TeamCity platform has a vulnerability in its S3 Artifact Storage plugin that affects versions prior to 2023.11.4. This issue arises from improper authorization during the generation of presigned URLs, which may allow unauthorized users to access sensitive artifacts stored in S3. As a result, potentially sensitive information could be exposed or manipulated by individuals without the necessary permissions. Users of affected versions are strongly advised to update to the latest version to mitigate these risks.

Affected Version(s)

TeamCity 0 < 2023.11.4

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 6, 2024
Vulnerability Reserved
Mar 6, 2024

Jetbrains

What is CVE-2024-28174?

Affected Version(s)

References

CVSS V3.1

Timeline