Conversation
AttackerKB
attackerkb
New assessment for topic: CVE-2024-24942
Topic description: "In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives ..."
"If we decompile and diff the REST API from TeamCity 2023.11.2 (`C:\TeamCity\webapps\ROOT\WEB-INF\plugins\rest-api\server\rest-api-2023.09-147486.jar`) against TeamCity 2023.11.3 (`C:\TeamCity\webapps\ROOT\WEB-INF\plugins\rest-api\server\rest-api-2023.09-147512.jar`), we can see the `SwaggerUI` class has been modified. ..."
Link: https://www.attackerkb.com/assessments/25397f72-670e-4ef4-a19b-2a3a55120d18
Topic description: "In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives ..."
"If we decompile and diff the REST API from TeamCity 2023.11.2 (`C:\TeamCity\webapps\ROOT\WEB-INF\plugins\rest-api\server\rest-api-2023.09-147486.jar`) against TeamCity 2023.11.3 (`C:\TeamCity\webapps\ROOT\WEB-INF\plugins\rest-api\server\rest-api-2023.09-147512.jar`), we can see the `SwaggerUI` class has been modified. ..."
Link: https://www.attackerkb.com/assessments/25397f72-670e-4ef4-a19b-2a3a55120d18
0
1
1