CVE-2024-31139
CVSS 3.1 Score 8.1 of 10 (high)
Details
Summary
CVE-2024-31139 is a new vulnerability affecting JetBrains TeamCity versions prior to 2024.03. This issue allows for XML External Entity (XXE) attacks in the Maven build steps detector. An attacker could exploit this vulnerability to leak sensitive information or execute arbitrary code by injecting malicious XML entities into the affected system. This poses a significant risk to organizations using TeamCity for their continuous integration and delivery processes, and it is recommended that affected users upgrade to the latest version of TeamCity to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- TeamCity
Affected Vendors
- JetBrains