Software distribution system TeamCity remembers deleted access tokens

Attackers can exploit six vulnerabilities in JetBrains TeamCity that have since been closed.

The TeamCity software distribution system from JetBrains is vulnerable. The developers have closed several vulnerabilities in a current version.

According to the security section of the JetBrains website, one vulnerability (CVE-2024-41827) is classified as "high". The problem is that access tokens continue to work after they have expired and been deleted, allowing attackers to gain access. It is not yet clear how such an attack could take place.

By successfully exploiting the remaining vulnerabilities, attackers can, among other things, launch persistent XSS attacks in the code inspection tab and on the show connection page (CVE-2024-41825 "medium", CVE-2024-41826 "low") in order to execute their own commands.

The developers state that they have closed the vulnerabilities in version 2024.07.

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.