Improper Authorization of Presigned URL Generation Requests in S3 Artifact Storage Plugin
CVE-2024-28174

5.8MEDIUM

Key Information:

Vendor

Jetbrains

Status
Vendor
CVE Published:
6 March 2024

What is CVE-2024-28174?

The JetBrains TeamCity platform has a vulnerability in its S3 Artifact Storage plugin that affects versions prior to 2023.11.4. This issue arises from improper authorization during the generation of presigned URLs, which may allow unauthorized users to access sensitive artifacts stored in S3. As a result, potentially sensitive information could be exposed or manipulated by individuals without the necessary permissions. Users of affected versions are strongly advised to update to the latest version to mitigate these risks.

Affected Version(s)

TeamCity 0 < 2023.11.4

References

CVSS V3.1

Score:
5.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.