CVE-2022-46831

Summary

In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.

Affected Software

VendorProductVersion RangeStatus
JetBrainsTeamCity2022.10 < 2022.10.1affected

Weaknesses

  • CWE-453: CWE-453

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References