修正的安全问题

此页面列出了已解决的安全问题的相关信息，包括描述、严重性、分配的 CVE 以及解决这些问题的产品版本。

产品	描述	严重性	解决版本	CWE	CVE
TeamCity	Authenticated users without administrative permissions could register other users when self-registration was disabled (TW-87046)	Medium	2024.03	CWE-863	CVE-2024-31134
TeamCity	Open redirect was possible on the login page (TW-87062)	Medium	2024.03	CWE-601	CVE-2024-31135
TeamCity	2FA could be bypassed by providing a special URL parameter (TW-86989)	High	2024.03	CWE-1288	CVE-2024-31136
TeamCity	Reflected XSS was possible via Space connection configuration. Reported by Linh Dinh (TW-86832)	Medium	2024.03	CWE-79	CVE-2024-31137
TeamCity	XSS was possible via Agent Distribution settings. Reported by Alex Williams from Trend Micro (TW-86535)	Medium	2024.03	CWE-79	CVE-2024-31138
TeamCity	XXE was possible in the Maven build steps detector (TW-86300)	Medium	2024.03	CWE-611	CVE-2024-31139
TeamCity	Server administrators could remove arbitrary files from the server by installing tools (TW-86039)	Medium	2024.03	CWE-1288	CVE-2024-31140

产品

TeamCity

修正版本

2024.03