CVE Vulnerabilities

CVE-2022-46831

Insecure Default Variable Initialization

Published: Dec 08, 2022 | Modified: Nov 21, 2024
CVSS 3.x
4.9
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the Default Credential Provider Chain allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.

Weakness

The product, by default, initializes an internal variable with an insecure or less secure value than is possible.

Affected Software

Name Vendor Start Version End Version
Teamcity Jetbrains 2022.10 (including) 2022.10.1 (including)

Potential Mitigations

References