Agent Permissions Vulnerability Affects TeamCity Users

CVE-2024-29880

7.8HIGH

Key Information

Vendor: Jetbrains
Status: Teamcity
Vendor: CVE Published:; 21 March 2024

Summary

In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process

Affected Version(s)

TeamCity < 2023.11

Refferences

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability Reserved
Mar 21, 2024
Vulnerability published
Mar 21, 2024

Collectors

NVD DatabaseMitre Database

.