What the vulnerability does
01Description
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal allowing to read files from server was possible
CVSS base score
6.5/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Key dates
02Disclosure timeline
May 29, 2024
CVE published
September 3, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-8464 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.0 - Directory Traversal via `wpcf7_guest_user_id` Cookie
CVE-2022-29844 Western Digital My Cloud OS 5 arbitrary file read and write vulnerability via ftp
CVE-2026-8209
CVE-2023-47613
CVE-2026-8073 Kirki <= 6.0.6 - Unauthenticated Limited Arbitrary File Read and Deletion via downloadZIP
