CVE-2024-43809: 
JetBrains TeamCity vulnerability analysis and mitigation

A reflected Cross-Site Scripting (XSS) vulnerability was discovered in JetBrains TeamCity versions prior to 2024.07.1, specifically affecting the agentPushPreset page (NVD CVE). The vulnerability was disclosed on August 16, 2024, and received official assessment from NIST on August 19, 2024.

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). According to the NIST assessment, it received a CVSS v3.1 base score of 6.1 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, while JetBrains assessed it with a CVSS score of 3.5 (LOW) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N (NVD CVE).

The vulnerability could potentially allow attackers to execute malicious scripts in the context of other users' browsers when they visit the affected agentPushPreset page, leading to possible data theft or manipulation of the web interface (NVD CVE).

The vulnerability has been patched in TeamCity version 2024.07.1. Users are advised to upgrade to this version or later to mitigate the risk (JetBrains Advisory).