CVE-2022-46831
EUVD-2022-4961308.12.2022, 18:15
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| jetbrains | teamcity | 2022.10 ≤ 𝑥 ≤ 2022.10.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-453 - Insecure Default Variable InitializationThe software, by default, initializes an internal variable with an insecure or less secure value than is possible.
- CWE-1188 - Insecure Default Initialization of ResourceThe software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.