XSS vulnerability found in TeamCity before 2024.07
CVE-2024-41826
4.8MEDIUM
Summary
A stored XSS vulnerability exists in JetBrains TeamCity prior to version 2024.07, exposing users to potential attacks where harmful scripts can be executed through the Show Connection page. This allows attackers to manipulate the content displayed to users, potentially leading to unauthorized access and exploitation of sensitive data. Users of affected versions are advised to upgrade to the latest release to mitigate these risks and ensure robust web application security.
References
CVSS V3.1
Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published