CVE-2024-56348

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Dec 20, 2024
Updated: Jan 2, 2025
CWE ID 863

Summary

CVE-2024-56348 is a newly disclosed vulnerability in JetBrains TeamCity versions prior to 2024.12. This issue grants unauthorized access to view details of agents, bypassing the expected access control restrictions, potentially leading to sensitive information disclosure. Improper access control in TeamCity (versions before 2024.12) allows unauthorized users to gain insights into details of restricted agents, posing a risk for information disclosure. JetBrains TeamCity developers have identified and labeled this vulnerability as CVE-2024-56348. Unauthorized users can exploit a vulnerability (CVE-2024-56348) in JetBrains TeamCity versions prior to 2024.12, allowing them to view sensitive agent details, bypassing the intended access control mechanisms. This cybersecurity issue puts confidential information at risk and necessitates immediate upgrades to the latest TeamCity version. JetBrains TeamCity versions earlier than 2024.12 harbor a vulnerability, CVE-2024-56348, which enables unauthorized entities to access details of agents, surpassing the intended access control boundaries, leading to potential information leaks. A recently discovered vulnerability, CVE-2024-56348, impacts JetBrains TeamCity versions preceding 2024.12. This flaw enables unauthorized access to agent details, breaching the designed access control protocols, potentially resulting in sensitive information exposure.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share