CVE-2024-29880

EPSS 0%
Published 21.03.2024 14:15:10
Last modified 16.12.2024 15:37:50
Source cve@jetbrains.com
Teams watchlist Login
Open Login

In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

JetBrains ≫ Teamcity Version < 2023.11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0%	0

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cve@jetbrains.com	4.2	0.8	3.4	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CWE-749 Exposed Dangerous Method or Function

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

https://www.jetbrains.com/privacy-security/issues-fixed/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-29880

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-29880

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-29880

EUVD