What the vulnerability does
01Description
In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly
CVSS base score
5.8/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Key dates
02Disclosure timeline
March 6, 2024
CVE published
August 2, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-24774 Missing authorization allows users to access arbitrary security levels on Jira through webhooks (Jira Plugin)
CVE-2025-30163 Node based network policies may incorrectly allow workload traffic
CVE-2023-1779 Helmholz and MB Connect Line: Account takeover via password reset in multiple products
CVE-2026-41068 Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix)
CVE-2023-22500 glpi Unauthorized access to inventory files
