What is CVE-2022-46831?

CVE-2022-46831 is a medium-severity vulnerability in Jetbrains Teamcity, classified under CWE-453. CVSS score: 6.6/10. Published 2022-12-08.

How severe is CVE-2022-46831?

Medium severity. CVSS v3 base score is 6.6 out of 10.

Vulnerability in Jetbrains Teamcity

CVE-2022-46831

In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.

EPSS: 0.000 (0.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.6 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L.

Affected products

Jetbrains Teamcity — versions 2022.10

Weakness classification (CWE)

CWE-453

References

www.jetbrains.com/privacy-security/issues-fixed/

Frequently asked questions

What is CVE-2022-46831?: CVE-2022-46831 is a medium-severity vulnerability in Jetbrains Teamcity, classified under CWE-453. CVSS score: 6.6/10. Published 2022-12-08.
How severe is CVE-2022-46831?: Medium severity. CVSS v3 base score is 6.6 out of 10.