CVSS 3.1 Score 5.4 of 10 (medium)


Published May 29, 2024


CVE-2024-36366 is a vulnerability found in JetBrains TeamCity versions before 2022.04.6, 2022.10.5, 2023.05.5, and 2023.11.5. This vulnerability allows for cross-site scripting (XSS) attacks to be executed through specific report grouping and filtering operations. The risk score of this vulnerability is 25 out of 100, with a medium base severity score of 5.4 out of 10 according to the CVSS:3.1 rating system. Exploitation requires no privileges and user interaction is required, but the attack vector is through the network with low integrity and confidentiality impact and no availability impact. The CWE-ID associated with this vulnerability is CWE-79, which refers to improper neutralization of input during web page generation (cross-site scripting). No further analysis on this vulnerability has been provided at this time. Affected Products: JetBrains TeamCity versions before 2022.04.6, 2022.10.5, 2023.05.5, and 2023.11.5. Remediation: Users should update their installations to one of the mentioned fixed versions or later to protect against this XSS vulnerability. Potential Danger: This vulnerability poses a medium risk to organizations that use affected versions of JetBrains TeamCity as it can allow attackers to execute cross-site scripting attacks, potentially leading to unauthorized access or manipulation of sensitive information on the targeted system or network resources.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-36366 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options