MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2022-46831

CVSS 6.6v3.1pub. 2022-12-08upd. 2024-11-21

In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
  • Jetbrains Teamcity

    APP
    Jetbrains
    2022.10 – 2022.10.1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
CI/CD
CWE
References

Related vulnerabilities

CVE-2024-27198CRITICAL9.8⚠ KEVPL ✓ten sam produkt

JetBrains TeamCity — Authentication Bypass umożliwiający działania administracyjne

CVE-2023-42793CRITICAL9.8⚠ KEVten sam produkt

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible

CVE-2024-23917CRITICAL9.8PL ✓ten sam produkt

JetBrains TeamCity: Authentication Bypass umożliwiający RCE

CVE-2023-34218CRITICAL9.1ten sam produkt

In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possibl...

CVE-2022-24331CRITICAL9.8ten sam produkt

In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.