Unauthorized Actions in TeamCity Before 2024.03.2
CVE-2024-36376

8.1HIGH

Key Information:

Vendor

Jetbrains
Status
Teamcity
Vendor
CVE Published:
29 May 2024

What is CVE-2024-36376?

In JetBrains TeamCity versions prior to 2024.03.2, an authorization bypass vulnerability allows users to perform actions beyond their granted permissions. This can lead to unauthorized access to sensitive functionalities within the application, potentially compromising security and data integrity.

Affected Version(s)

TeamCity 0 < 2024.03.2

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.