Password Exposure Risk in TeamCity via Sonar Runner REST API
CVE-2024-47161

6.5MEDIUM

Key Information:

Vendor: Jetbrains
Status: Teamcity
Vendor: CVE Published:; 8 October 2024

Summary

A security vulnerability has been identified in JetBrains TeamCity that allows for the potential exposure of passwords through the Sonar runner REST API. This issue affects versions of TeamCity released before 2024.07.3, where improper handling of sensitive data may expose user credentials to unauthorized access. Addressing this vulnerability is crucial to maintaining the integrity and security of user systems.

Affected Version(s)

TeamCity 0 < 2024.07.3

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 8, 2024
Vulnerability Reserved
Sep 19, 2024