Privilege Escalation Vulnerability in JetBrains TeamCity (2022.10 - 2022.10.1) Allows Unauthorized Access to AWS Resources

Privilege Escalation Vulnerability in JetBrains TeamCity (2022.10 - 2022.10.1) Allows Unauthorized Access to AWS Resources

CVE-2022-46831 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.

Learn more about our Aws Audit.