CVE-2022-24333: 
JetBrains TeamCity vulnerability analysis and mitigation

In JetBrains TeamCity before version 2021.2, a blind Server-Side Request Forgery (SSRF) vulnerability was discovered via an XML-RPC call. This security issue was assigned CVE-2022-24333 and was publicly disclosed in February 2022 (NVD).

The vulnerability has been assessed with a CVSS v3.1 Base Score of 6.5 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability is classified as CWE-918 (Server-Side Request Forgery). The issue specifically involves the XML-RPC functionality in TeamCity, which could be exploited to perform blind SSRF attacks (NVD).

The vulnerability allows an attacker to perform Server-Side Request Forgery attacks, potentially leading to unauthorized access to internal resources and information disclosure. The CVSS score indicates that while the vulnerability requires low attack complexity and no user interaction, it does require low privileges to exploit and can result in high confidentiality impact (NVD).

The vulnerability has been fixed in JetBrains TeamCity version 2021.2. Users are advised to upgrade to this version or later to mitigate the risk (NVD).