Lucene search

K
cve[email protected]CVE-2023-34228
HistoryMay 31, 2023 - 2:15 p.m.

CVE-2023-34228

2023-05-3114:15:10
CWE-308
web.nvd.nist.gov
11
cve-2023-34228
jetbrains
teamcity
authentication
2fa
security vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.5%

In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions

Affected configurations

NVD
Node
jetbrainsteamcityRange<2023.05

CNA Affected

[
  {
    "vendor": "JetBrains",
    "product": "TeamCity",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThan": "2023.05",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.5%

Related for CVE-2023-34228