Improper Access Control in JetBrains TeamCity API
CVE-2024-36377

8.1HIGH

Key Information:

Vendor: Jetbrains
Status: Teamcity
Vendor: CVE Published:; 29 May 2024

Summary

A security vulnerability exists in JetBrains TeamCity prior to version 2024.03.2, where certain API endpoints inadequately verify user permissions. This oversight can potentially allow unauthorized users to access sensitive functions and information within the system, leading to unauthorized actions and data exposure.

Affected Version(s)

TeamCity 0 < 2024.03.2

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 29, 2024
Vulnerability Reserved
May 24, 2024