XSS vulnerability found in TeamCity before 2024.07
CVE-2024-41826

4.8MEDIUM

Key Information:

Vendor
JetBrains
Status
Vendor
CVE Published:
22 July 2024

Summary

A stored XSS vulnerability exists in JetBrains TeamCity prior to version 2024.07, exposing users to potential attacks where harmful scripts can be executed through the Show Connection page. This allows attackers to manipulate the content displayed to users, potentially leading to unauthorized access and exploitation of sensitive data. Users of affected versions are advised to upgrade to the latest release to mitigate these risks and ensure robust web application security.

References

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

.