Backup file write vulnerability in TeamCity before 2024.07.3
CVE-2024-47949

7.5HIGH

Key Information:

Vendor

Jetbrains
Status
Teamcity
Vendor
CVE Published:
8 October 2024

What is CVE-2024-47949?

A path traversal vulnerability in JetBrains TeamCity prior to version 2024.07.3 permits unauthorized access, allowing attackers to write backup files to arbitrary locations within the filesystem. This flaw stems from insufficient validation of file paths, potentially leading to data exposure or system compromise. Users are advised to upgrade to the latest version to mitigate any associated risks and enhance overall security.

Affected Version(s)

TeamCity 0 < 2024.07.3

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.