CVE-2022-24341: 
JetBrains TeamCity vulnerability analysis and mitigation

In JetBrains TeamCity before 2021.2.1, a security vulnerability was identified where editing a user account to change its password didn't terminate sessions of the edited user (CVE-2022-24341). The vulnerability was discovered and disclosed on February 25, 2022, affecting JetBrains TeamCity installations prior to version 2021.2.1 (CVE Mitre).

The vulnerability stems from a session management flaw where the application fails to invalidate existing sessions when a user's password is changed. This security issue has been assigned a relatively low severity rating, as indicated by Rapid7's assessment with a severity score of 5 (Rapid7).

The vulnerability could allow existing sessions to remain active even after a password change, potentially enabling unauthorized access if an attacker had previously compromised a user's session. This could lead to continued unauthorized access to the system even after password changes were implemented as a security measure.

The vulnerability has been patched in TeamCity version 2021.2.1. Organizations using affected versions should upgrade to TeamCity 2021.2.1 or later to address this security issue. After upgrading, it is recommended to perform a system-wide session invalidation to ensure all existing sessions are terminated (JetBrains Fixed Issues).