Access Control Flaw in JetBrains TeamCity Exposes Build Logs
CVE-2024-56349

5.3MEDIUM

Key Information:

Vendor
JetBrains
Status
Teamcity
Vendor
CVE Published:
20 December 2024

Summary

CVE-2024-56349 is a significant access control vulnerability identified in JetBrains TeamCity versions prior to 2024.12. This flaw permits unauthorized users to modify build logs, potentially leading to security breaches and manipulation of build information. As this access control failure can enable malicious actors to alter critical build processes and outputs, it poses a serious risk to the integrity and reliability of applications using TeamCity for continuous integration and deployment. It is vital for organizations using affected versions of TeamCity to apply relevant security patches and updates promptly.

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.