Access Tokens Persisted After Deletion or Expiration in Previous JetBrains TeamCity Versions
CVE-2024-41827

9.8CRITICAL

Key Information:

Vendor: Jetbrains
Status: Teamcity
Vendor: CVE Published:; 22 July 2024

Summary

In JetBrains TeamCity versions prior to 2024.07, an access token vulnerability exists that allows tokens to remain operational even after being deleted or past their expiration date. This flaw can potentially lead to unauthorized access by allowing former tokens to bypass authentication controls, thereby exposing sensitive project data. It's essential for users and organizations utilizing TeamCity to apply the latest updates to ensure security and mitigate risks associated with this vulnerability.

Affected Version(s)

TeamCity 0 < 2024.07

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 22, 2024
Vulnerability Reserved
Jul 22, 2024