CVE-2023-38066: XSS
First published: Wed Jul 12 2023(Updated: )
In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads
Credit: security@jetbrains.com security@jetbrains.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jetbrains Teamcity | <2023.05.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this JetBrains TeamCity vulnerability?
The vulnerability ID for this JetBrains TeamCity vulnerability is CVE-2023-38066.
What is the severity level of CVE-2023-38066?
The severity level of CVE-2023-38066 is medium.
How does the vulnerability in JetBrains TeamCity before 2023.05.1 occur?
The vulnerability in JetBrains TeamCity before 2023.05.1 occurs through reflected XSS via the Referer header during artifact downloads.
Which software versions are affected by CVE-2023-38066?
The versions up to but excluding 2023.05.1 of JetBrains TeamCity are affected by CVE-2023-38066.
How can I fix the vulnerability in JetBrains TeamCity?
To fix the vulnerability in JetBrains TeamCity, it is recommended to update to version 2023.05.1 or newer.
- collector/nvd-index
- collector/nvd-latest
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/jetbrains
- canonical/jetbrains teamcity