Unauthorized Project Access in JetBrains TeamCity
CVE-2024-56350

4.3MEDIUM

Key Information:

Vendor: JetBrains
Status: Teamcity
Vendor: CVE Published:; 20 December 2024

Summary

A significant security flaw has been identified in JetBrains TeamCity versions prior to 2024.12, which permits unauthorized users to view project details without appropriate permissions. This vulnerability poses a serious risk to data confidentiality and can facilitate further attacks if exploited. Organizations utilizing affected versions of TeamCity should prioritize applying the latest security updates to safeguard their projects against unauthorized access.

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 20, 2024