Improper Access Control in JetBrains TeamCity API
CVE-2024-36377

8.1HIGH

Key Information:

Vendor: Jetbrains
Status: Teamcity
Vendor: CVE Published:; 29 May 2024

What is CVE-2024-36377?

A security vulnerability exists in JetBrains TeamCity prior to version 2024.03.2, where certain API endpoints inadequately verify user permissions. This oversight can potentially allow unauthorized users to access sensitive functions and information within the system, leading to unauthorized actions and data exposure.

Affected Version(s)

TeamCity 0 < 2024.03.2

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2024
Vulnerability Reserved
May 24, 2024

Jetbrains

What is CVE-2024-36377?

Affected Version(s)

References

CVSS V3.1

Timeline