Vulnerabilities > CVE-2022-46830 - Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Teamcity 2022.10/2022.10.1

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

NVD

Published: 2022-12-08

Updated: 2022-12-12

Summary

In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.

Vulnerable Configurations

Part	Description	Count
Application	Jetbrains Jetbrains Teamcity 2022.10 Jetbrains Teamcity 2022.10.1	2

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://www.jetbrains.com/privacy-security/issues-fixed/

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.