CVE-2022-46831

MEDIUM

JetBrains TeamCity <2022.10.1 - Privilege Escalation

Title source: llm

Description

In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators.

References (1)

[Vendor Advisory] https://www.jetbrains.com/privacy-security/issues-fixed/

Scores

CVSS v3 6.6

EPSS 0.0001

EPSS Percentile 0.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-453 CWE-1188

Status published

Products (1)

jetbrains/teamcity 2022.10 - 2022.10.1

Published Dec 08, 2022

Tracked Since Feb 18, 2026