Описание
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2022.10 (включая) до 2022.10.1 (включая)
cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*
EPSS
Процентиль: 0%
0.00007
Низкий
6.6 Medium
CVSS3
4.9 Medium
CVSS3
Дефекты
CWE-453
CWE-1188
Связанные уязвимости
CVSS3: 4.9
github
около 3 лет назад
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.
EPSS
Процентиль: 0%
0.00007
Низкий
6.6 Medium
CVSS3
4.9 Medium
CVSS3
Дефекты
CWE-453
CWE-1188