CVE-2024-36470

🗓️ 29 May 2024 13:29:07Reported by JetBrainsType

Authentication bypass in JetBrains TeamCity

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerability of the Continuous Integration and Deployment Application Delivery system (CI/CD) JetBrains TeamCity, related to bypassing the authentication process by using an alternative path or channel, allows attackers to circumvent the authentication process and gain increased privileges.	30 May 202400:00	–	bdu_fstec
CNNVD	JetBrains TeamCity 安全漏洞	29 May 202400:00	–	cnnvd
CNVD	JetBrains TeamCity Authentication Bypass Vulnerability	31 May 202400:00	–	cnvd
Cvelist	CVE-2024-36470	29 May 202413:29	–	cvelist
EUVD	EUVD-2024-36107	3 Oct 202520:07	–	euvd
NVD	CVE-2024-36470	29 May 202414:15	–	nvd
OSV	CVE-2024-36470	29 May 202414:15	–	osv
Positive Technologies	PT-2024-3856 · Jetbrains · Teamcity	29 May 202400:00	–	ptsecurity
Tenable Nessus	JetBrains TeamCity Multiple Vulnerabilities	31 May 202400:00	–	nessus
Vulnrichment	CVE-2024-36470	29 May 202413:29	–	vulnrichment

NVD

Node

jetbrains teamcityRange<2022.04.7

jetbrains teamcityRange2022.10–2022.10.6

jetbrains teamcityRange2023.05–2023.05.6

jetbrains teamcityRange2023.11–2023.11.5

[
  {
    "vendor": "JetBrains",
    "product": "TeamCity",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThan": "2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
jetbrains	www.jetbrains.com/privacy-security/issues-fixed/

07 Feb 2025 20:10Current

7.1High risk

Vulners AI Score7.1

CVSS 3.18.1 - 9.8

EPSS0.00003

SSVC