CVE-2022-46831 MEDIUM

CVE-2022-46831

Vendor Jetbrains
Product TeamCity
Weakness CWE-453
Published December 8, 2022
Last update April 22, 2025

CVSS base score

6.6/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.

Key dates

02Disclosure timeline

December 8, 2022 CVE published
April 22, 2025 Record updated