CVE-2024-35302

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published May 16, 2024

CWE ID 79

Summary

CVE-2024-35302 is a stored Cross-Site Scripting (XSS) vulnerability affecting JetBrains TeamCity versions prior to 2023.11. Attackers could exploit this flaw by injecting malicious code during a backup restoration process, potentially gaining unauthorized access to user sessions or stealing sensitive information. This vulnerability poses a serious threat to TeamCity users and could lead to significant data breaches if not addressed promptly through an update to a patched version of the software.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

TeamCity

Affected Vendors

JetBrains

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/v9ZvWa
https://www.cve.org/CVERecord?id=CVE-2024-35302
https://nvd.nist.gov/vuln/detail/CVE-2024-35302

Back to Vulnerability Database