2022.10.1

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

jetbrains

CWE-1188

NVD

Published: 2022-12-08

Updated: 2022-12-12

Summary

In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.

Vulnerable Configurations

Part	Description	Count
Application	Jetbrains Jetbrains Teamcity 2022.10 Jetbrains Teamcity 2022.10.1	2

Common Weakness Enumeration (CWE)

CWE-1188 - Insecure Default Initialization of Resource

References

https://www.jetbrains.com/privacy-security/issues-fixed/