XSS vulnerability found in TeamCity before 2024.07
CVE-2024-41826

4.8MEDIUM

Key Information:

Vendor: JetBrains
Status: Teamcity
Vendor: CVE Published:; 22 July 2024

Summary

A stored XSS vulnerability exists in JetBrains TeamCity prior to version 2024.07, exposing users to potential attacks where harmful scripts can be executed through the Show Connection page. This allows attackers to manipulate the content displayed to users, potentially leading to unauthorized access and exploitation of sensitive data. Users of affected versions are advised to upgrade to the latest release to mitigate these risks and ensure robust web application security.

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 22, 2024