CVE-2024-31139

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Mar 28, 2024
Updated: Dec 16, 2024
CWE ID 611

Summary

CVE-2024-31139 is a new vulnerability affecting JetBrains TeamCity versions prior to 2024.03. This issue allows for XML External Entity (XXE) attacks in the Maven build steps detector. An attacker could exploit this vulnerability to leak sensitive information or execute arbitrary code by injecting malicious XML entities into the affected system. This poses a significant risk to organizations using TeamCity for their continuous integration and delivery processes, and it is recommended that affected users upgrade to the latest version of TeamCity to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share