In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:LJetbrains Teamcity
APPJetbrains2022.10 – 2022.10.1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
CI/CD
Related vulnerabilities
CVE-2024-27198CRITICAL9.8⚠ KEVPL ✓ten sam produkt
JetBrains TeamCity — Authentication Bypass umożliwiający działania administracyjne
CVE-2023-42793CRITICAL9.8⚠ KEVten sam produkt
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
CVE-2024-23917CRITICAL9.8PL ✓ten sam produkt
JetBrains TeamCity: Authentication Bypass umożliwiający RCE
CVE-2023-34218CRITICAL9.1ten sam produkt
In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possibl...
CVE-2022-24331CRITICAL9.8ten sam produkt
In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.