CVE-2022-46831
08.12.2022, 18:15
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.Enginsight
| Vendor | Product | Version |
|---|---|---|
| jetbrains | teamcity | 2022.10 ≤ 𝑥 ≤ 2022.10.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-453 - Insecure Default Variable InitializationThe software, by default, initializes an internal variable with an insecure or less secure value than is possible.
- CWE-1188 - Insecure Default Initialization of ResourceThe software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.