CVE-2024-31140
CVE-2024-31140
In short
A vulnerability in JetBrains TeamCity allows server administrators to delete arbitrary files from the server when installing tools. This could lead to system instability or data loss if an admin account is compromised.
Technical detail
CWE-1288 vulnerability in TeamCity versions prior to 2024.03 permits authenticated administrators to remove arbitrary files via the tool installation mechanism. Exploitation requires valid admin credentials and access to the tool installation feature; impact includes potential denial of service or compromise of server integrity through deletion of critical system files.
Summary generated and translated by AI from the official description.
In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N
Affected products
JetBrains · TeamCityWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →