Improper Authorization of Presigned URL Generation Requests in S3 Artifact Storage Plugin
CVE-2024-28174
5.8MEDIUM
What is CVE-2024-28174?
The JetBrains TeamCity platform has a vulnerability in its S3 Artifact Storage plugin that affects versions prior to 2023.11.4. This issue arises from improper authorization during the generation of presigned URLs, which may allow unauthorized users to access sensitive artifacts stored in S3. As a result, potentially sensitive information could be exposed or manipulated by individuals without the necessary permissions. Users of affected versions are strongly advised to update to the latest version to mitigate these risks.
Affected Version(s)
TeamCity 0 < 2023.11.4