Lucene search

JetBrainsVULNRICHMENT:CVE-2024-35301

HistoryMay 16, 2024 - 10:32 a.m.

CVE-2024-35301

2024-05-1610:32:00

JetBrains

github.com

jetbrains

teamcity

github

app token

scope

vulnerability

CVSS3

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

Percentile

9.0%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

In JetBrains TeamCity before 2024.03.1 commit status publisher didn’t check project scope of the GitHub App token

CNA Affected

[
  {
    "vendor": "JetBrains",
    "product": "TeamCity",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThan": "2024.03.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*"
    ],
    "vendor": "jetbrains",
    "product": "teamcity",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "2024.03.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.jetbrains.com/privacy-security/issues-fixed/

CVSS3

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

Percentile

9.0%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-35301