Improper Validation of Consistency within Input

CVE-2024-31136

High

7.4/10

Summary

In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-1288 - Improper Validation of Consistency within Input

The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent.

References

Advisory Timeline

Published Mar 28, 2024

Improper Validation of Consistency within Input

CVE-2024-31136

Summary

CWE-1288 - Improper Validation of Consistency within Input

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS