CVE-2024-31136
In short
TeamCity versions before 2024.03 had a flaw where two-factor authentication (2FA) could be bypassed by crafting a special URL parameter. This is serious because it allows attackers to gain unauthorized access to accounts even when 2FA is enabled.
Technical detail
A URL parameter validation bypass in TeamCity before 2024.03 allowed attackers to circumvent two-factor authentication enforcement during the authentication flow. The attack requires network access to the vulnerable TeamCity instance but no prior authentication; successful exploitation grants full access to the user account, including administrative privileges if the compromised account holds them.
Summary generated and translated by AI from the official description.
In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected products
JetBrains · TeamCity