TeamCity OAuth Code Theft Vulnerability
CVE-2024-41829

7.5HIGH

Key Information:

Vendor
JetBrains
Status
Teamcity
Vendor
CVE Published:
22 July 2024

Summary

In JetBrains TeamCity prior to version 2024.07, a security vulnerability exists that allows for the potential theft of OAuth authentication codes when connected to JetBrains Space. This issue arises from improper handling of OAuth tokens, which could expose sensitive information to attackers, compromising user accounts and associated data. The vulnerability underscores the importance of implementing robust security measures and updating to the latest versions to mitigate risks related to OAuth connections.

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.