Vulnerabilities > CVE-2022-46831 - Insecure Default Initialization of Resource vulnerability in Jetbrains Teamcity 2022.10

047910
CVSS 4.9 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
jetbrains
CWE-1188

Summary

In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.

Vulnerable Configurations

Part Description Count
Application
Jetbrains
1