2FA Bypass Vulnerability in JetBrains TeamCity Before 2024.03
CVE-2024-31136

7.4HIGH

Key Information:

Vendor

Jetbrains
Status
Teamcity
Vendor
CVE Published:
28 March 2024

What is CVE-2024-31136?

A security vulnerability in JetBrains TeamCity prior to version 2024.03 allows attackers to bypass the two-factor authentication (2FA) mechanism by crafting a specific URL parameter. This exploitation can lead to unauthorized access to sensitive information and accounts, posing significant security risks to organizations utilizing the software. Ensuring that users update to the latest version is crucial to mitigate potential threats related to this vulnerability.

Affected Version(s)

TeamCity 0 < 2024.03

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.