Insecure XML Parser Configuration in JetBrains TeamCity
CVE-2024-56356
7.1 HIGH
Summary
CVE-2024-56356 pertains to a security vulnerability found in JetBrains TeamCity prior to version 2024.12, where an insecure XML parser configuration may permit unauthorized manipulation of XML data. This misconfiguration can result in an XML External Entity (XXE) attack, potentially leading to exposure of sensitive information and unauthorized system access. Users of TeamCity are highly encouraged to upgrade to the latest version to mitigate this risk and ensure the security of their CI/CD pipelines.
CVSS V3.1
Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published