2FA Bypass Vulnerability in JetBrains TeamCity Before 2024.03
CVE-2024-31136

7.4HIGH

Key Information:

Vendor: Jetbrains
Status: Teamcity
Vendor: CVE Published:; 28 March 2024

Summary

A security vulnerability in JetBrains TeamCity prior to version 2024.03 allows attackers to bypass the two-factor authentication (2FA) mechanism by crafting a specific URL parameter. This exploitation can lead to unauthorized access to sensitive information and accounts, posing significant security risks to organizations utilizing the software. Ensuring that users update to the latest version is crucial to mitigate potential threats related to this vulnerability.

Affected Version(s)

TeamCity 0 < 2024.03

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 28, 2024
Vulnerability Reserved
Mar 28, 2024