Lucene search

JetBrainsCVELIST:CVE-2024-39878

HistoryJul 01, 2024 - 5:07 p.m.

CVE-2024-39878

2024-07-0117:07:45

JetBrains

www.cve.org

jetbrains teamcity

private key

github app connection

exposure

security vulnerability

4.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

9.2%

JSON

In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection

CNA Affected

[
  {
    "vendor": "JetBrains",
    "product": "TeamCity",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThan": "2024.03.3",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.jetbrains.com/privacy-security/issues-fixed/

4.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for CVELIST:CVE-2024-39878