The vulnerability of the CI/CD application integration and delivery system provided by JetBrains TeamCity lies in the lack of security measures for website structure protection. This allows attackers to perform cross-site scripting attacks.

🗓️ 07 Jun 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

The TeamCity CI/CD system lacks website structure protection, enabling remote cross-site scripting.

Reporter	Title	Published	Views	Family All 9
CNNVD	JetBrains TeamCity 安全漏洞	16 May 202400:00	–	cnnvd
CNVD	JetBrains TeamCity Cross-Site Scripting Vulnerability	30 May 202400:00	–	cnvd
CVE	CVE-2024-35302	16 May 202410:32	–	cve
Cvelist	CVE-2024-35302	16 May 202410:32	–	cvelist
NVD	CVE-2024-35302	16 May 202411:15	–	nvd
OSV	CVE-2024-35302	16 May 202411:15	–	osv
Positive Technologies	PT-2024-3981 · Jetbrains · Teamcity	16 May 202400:00	–	ptsecurity
Tenable Nessus	TeamCity Server < 2023.11.0 Restore From Backup XSS	29 May 202400:00	–	nessus
Vulnrichment	CVE-2024-35302	16 May 202410:32	–	vulnrichment

Vulners

Node

jetbrains teamcityRange<2023.11

Source	Link
jetbrains	www.jetbrains.com/privacy-security/issues-fixed/
jetbrains	www.jetbrains.com/help/teamcity/restoring-teamcity-data-from-backup.html
vuldb	www.vuldb.com/
web	www.web.nvd.nist.gov/view/vuln/detail

07 Jun 2024 00:00Current

5.2Medium risk

Vulners AI Score5.2

CVSS 35.4

CVSS 26.4

EPSS0.00271

TeamCity continuous integration website structure protection cross site scripting remote vulnerability