CVE-2024-56348

MEDIUM LAB

JetBrains TeamCity < 2024.12 - Incorrect Authorization

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-56348. PoCs published by joshuavanderpoll, Msakhana68.

AI-analyzed exploit summary: The repository contains a Go-based exploit for CVE-2024-56348, with a GitHub Actions workflow for building cross-platform binaries. The presence of a Docker setup suggests it includes a test environment for the exploit.

Description

In JetBrains TeamCity before 2024.12, improper access control allowed viewing details of unauthorized agents.

Exploits (2)

nomisec WORKING POC 1 stars
by joshuavanderpoll · poc
https://github.com/joshuavanderpoll/cve-2024-56348

The repository contains a Go-based exploit for CVE-2024-56348, with a GitHub Actions workflow for building cross-platform binaries. The presence of a Docker setup suggests it includes a test environment for the exploit.

Classification: Working Poc 90%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: unknown
No auth needed
Prerequisites: Go environment · Docker (for testing)
devstral-2 · analyzed Mar 09, 2026
nomisec WORKING POC
by Msakhana68 · poc
https://github.com/Msakhana68/cve-2024-56348

The repository contains a Go-based exploit for CVE-2024-56348, with a Docker setup for testing. The presence of a Go file and Docker infrastructure suggests a functional PoC.

Classification: Working Poc 80%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: Unknown (CVE-2024-56348)
No auth needed
Prerequisites: Go environment · Docker setup
devstral-2 · analyzed Mar 21, 2026

Scores

CVSS v3 4.3
EPSS 0.0027
EPSS Percentile 18.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Lab Environment

COMMUNITY
Community Lab
docker pull eclipse-temurin:11-jre-jammy

Details

CWE: CWE-863
Status: published
Products (1)
jetbrains/teamcity < 2024.12
Published Dec 20, 2024
Tracked Since Feb 18, 2026