Skip to main content

Insecure Storage of Sensitive Information

CVE-2022-25264

Severity High
Score 7.5/10

Summary

In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • NONE

CWE-922 - Insecure Storage of Sensitive Information

The software stores sensitive information without properly limiting read or write access by unauthorized actors.

References

Advisory Timeline

  • Published