CVE-2023-41249: 
JetBrains TeamCity vulnerability analysis and mitigation

In JetBrains TeamCity before version 2023.05.3, a reflected Cross-Site Scripting (XSS) vulnerability was discovered during the Build Step Metrics copying process. The vulnerability was assigned identifier CVE-2023-41249 and was publicly disclosed on August 25, 2023 (CVE Details).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation), commonly known as Cross-site Scripting. The CVSS v3.1 base score was assessed differently by various organizations: NIST rated it as 6.1 (Medium) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, while JetBrains rated it as 4.6 (Medium) with vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N (NVD).

The vulnerability could allow attackers to execute malicious scripts in the context of the user's browser during the Build Step Metrics copying process, potentially leading to unauthorized access to sensitive information and manipulation of web content (NVD).

The vulnerability has been patched in TeamCity version 2023.05.3. Users are advised to upgrade to this version or later to mitigate the risk (JetBrains Advisory).