CVE-2024-24936

In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.jetbrains.com/privacy-security/issues-fixed/	Vendor Advisory
https://www.jetbrains.com/privacy-security/issues-fixed/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:00

Type	Values Removed	Values Added
References	~~() https://www.jetbrains.com/privacy-security/issues-fixed/ - Vendor Advisory~~	() https://www.jetbrains.com/privacy-security/issues-fixed/ - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~5.3~~	v2 : unknown v3 : 4.3

09 Feb 2024, 01:06

Type	Values Removed	Values Added
References	~~() https://www.jetbrains.com/privacy-security/issues-fixed/ -~~	() https://www.jetbrains.com/privacy-security/issues-fixed/ - Vendor Advisory
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~4.3~~	v2 : unknown v3 : 5.3
First Time		Jetbrains teamcity Jetbrains
CPE		cpe:2.3:a:jetbrains:teamcity::::::::

06 Feb 2024, 13:53

Type	Values Removed	Values Added
Summary		(es) En JetBrains TeamCity antes de 2023.11.2, se omitía el control de acceso en el endpoint del complemento S3 Artifact Storage

06 Feb 2024, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-06 10:15

Updated : 2024-11-21 09:00

NVD link : CVE-2024-24936

Mitre link : CVE-2024-24936

CVE.ORG link : CVE-2024-24936

JSON object : View

Products Affected

jetbrains

teamcity

CWE

CWE-285

Improper Authorization

NVD-CWE-noinfo

4.3 /10