CVE-2024-56349: 
JetBrains TeamCity vulnerability analysis and mitigation

In JetBrains TeamCity before version 2024.12, a security vulnerability was identified where improper access control allowed unauthorized users to modify build logs. The vulnerability was disclosed on December 20, 2024, and was assigned CVE-2024-56349. This security issue affects JetBrains TeamCity installations prior to version 2024.12 (NVD, JetBrains Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges or user interaction, has unchanged scope, and impacts only integrity with low severity while having no impact on confidentiality or availability. The vulnerability is classified as CWE-862 (Missing Authorization) (NVD).

The vulnerability allows unauthorized users to modify build logs in TeamCity installations. This could potentially lead to manipulation of build history and compromise the integrity of the build process documentation (NVD).

The vulnerability has been fixed in TeamCity version 2024.12. Users are advised to upgrade to this version or later to mitigate the security risk (JetBrains Advisory).