Primary

Context

JetBrains TeamCity Connection Secrets Decryption Vulnerability

Vulnerability

A vulnerability in JetBrains TeamCity versions prior to 2024.12.1 allows for the decryption of connection secrets through the Test Connection endpoint, without the necessary permissions. This issue could lead to unauthorized access to sensitive information.

Impact

Exploitation of this vulnerability could result in unauthorized decryption of connection secrets, potentially leading to exposure of sensitive information or credentials.

Remediation

Users can update to JetBrains TeamCity version 2024.12.1 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

JetBrains TeamCity Connection Secrets Decryption Vulnerability

Vulnerability

Impact

Remediation

Affected Products

JetBrains TeamCity

JetBrains YouTrack

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating