CVE-2024-47950

Summary

CVE-2024-47950 identifies a stored cross-site scripting (XSS) vulnerability present in JetBrains TeamCity versions prior to 2024.07.3, specifically within the Backup configuration settings. Affected products include a variety of TeamCity deployments that fall under this version range. To remediate the issue, users are advised to update their TeamCity installations to version 2024.07.3 or later, as outlined in JetBrains' vendor advisory. The potential danger posed by this vulnerability is classified as low, with an exploitability score of 0.9 and requires high privileges and user interaction for successful exploitation. Although the integrity and confidentiality impacts are rated low, organizations may still be at risk for unauthorized actions if exploited due to improper input handling during web page generation (CWE-79).

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.