Insecure XML Parser Configuration in JetBrains TeamCity

CVE-2024-56356

Currently unrated

Key Information:

Vendor: JetBrains
Vendor: CVE Published:; 20 December 2024

Summary

CVE-2024-56356 pertains to a security vulnerability found in JetBrains TeamCity prior to version 2024.12, where an insecure XML parser configuration may permit unauthorized manipulation of XML data. This misconfiguration can result in an XML External Entity (XXE) attack, potentially leading to exposure of sensitive information and unauthorized system access. Users of TeamCity are highly encouraged to upgrade to the latest version to mitigate this risk and ensure the security of their CI/CD pipelines.

References

https://www.jetbrains.com/privacy-security/issues-fixed/

Timeline

Vulnerability published
Dec 20, 2024

Collectors

NVD Database