CVE-2024-36366

Summary

CVE-2024-36366 is a vulnerability found in JetBrains TeamCity versions before 2022.04.6, 2022.10.5, 2023.05.5, and 2023.11.5. This vulnerability allows for cross-site scripting (XSS) attacks to be executed through specific report grouping and filtering operations. The risk score of this vulnerability is 25 out of 100, with a medium base severity score of 5.4 out of 10 according to the CVSS:3.1 rating system. Exploitation requires no privileges and user interaction is required, but the attack vector is through the network with low integrity and confidentiality impact and no availability impact. The CWE-ID associated with this vulnerability is CWE-79, which refers to improper neutralization of input during web page generation (cross-site scripting). No further analysis on this vulnerability has been provided at this time. Affected Products: JetBrains TeamCity versions before 2022.04.6, 2022.10.5, 2023.05.5, and 2023.11.5. Remediation: Users should update their installations to one of the mentioned fixed versions or later to protect against this XSS vulnerability. Potential Danger: This vulnerability poses a medium risk to organizations that use affected versions of JetBrains TeamCity as it can allow attackers to execute cross-site scripting attacks, potentially leading to unauthorized access or manipulation of sensitive information on the targeted system or network resources.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.