CVE-2022-44624 - Vulnerability Details - OpenCVE

In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Jetbrains	Teamcity

Configuration 1 [-]

cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.jetbrains.com/privacy-security/issues-fixed/

History

Fri, 02 May 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: JetBrains

Published: 2022-11-03T00:00:00.000Z

Updated: 2025-05-02T19:33:33.094Z

Reserved: 2022-11-02T00:00:00.000Z

Link: CVE-2022-44624

Vulnrichment

Updated: 2024-08-03T13:54:03.919Z

NVD

Status : Modified

Published: 2022-11-03T14:15:35.703

Modified: 2024-11-21T07:28:13.137

Link: CVE-2022-44624

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-44624", "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014", "assignerShortName": "JetBrains", "dateUpdated": "2025-05-02T19:33:33.094Z", "dateReserved": "2022-11-02T00:00:00.000Z", "datePublished": "2022-11-03T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014", "shortName": "JetBrains", "dateUpdated": "2022-11-03T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters"}], "affected": [{"vendor": "JetBrains", "product": "TeamCity", "versions": [{"version": "2022.10", "status": "affected", "lessThan": "2022.10", "versionType": "custom"}]}], "references": [{"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-532 Information Exposure Through Log Files", "cweId": "CWE-532"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"defect": ["TW-77048"], "discovery": "INTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:54:03.919Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.jetbrains.com/privacy-security/issues-fixed/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-02T19:33:26.777586Z", "id": "CVE-2022-44624", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-02T19:33:33.094Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.jetbrains.com/privacy-security/issues-fixed/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:54:03.919Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-44624", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-02T19:33:26.777586Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-02T19:33:30.045Z"}}], "cna": {"source": {"defect": ["TW-77048"], "discovery": "INTERNAL"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "JetBrains", "product": "TeamCity", "versions": [{"status": "affected", "version": "2022.10", "lessThan": "2022.10", "versionType": "custom"}]}], "references": [{"url": "https://www.jetbrains.com/privacy-security/issues-fixed/"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532 Information Exposure Through Log Files"}]}], "providerMetadata": {"orgId": "547ada31-17d8-4964-bc5f-1b8238ba8014", "shortName": "JetBrains", "dateUpdated": "2022-11-03T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-44624", "state": "PUBLISHED", "dateUpdated": "2025-05-02T19:33:33.094Z", "dateReserved": "2022-11-02T00:00:00.000Z", "assignerOrgId": "547ada31-17d8-4964-bc5f-1b8238ba8014", "datePublished": "2022-11-03T00:00:00.000Z", "assignerShortName": "JetBrains"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*", "matchCriteriaId": "750585D1-5572-4BE3-AD0E-08E1DBD2908F", "versionEndExcluding": "2022.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters"}, {"lang": "es", "value": "En la versi\u00f3n JetBrains TeamCity anterior a 2022.10, los par\u00e1metros de contrase\u00f1a pod\u00edan quedar expuestos en el registro de compilaci\u00f3n si conten\u00edan caracteres especiales."}], "id": "CVE-2022-44624", "lastModified": "2024-11-21T07:28:13.137", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "cve@jetbrains.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-03T14:15:35.703", "references": [{"source": "cve@jetbrains.com", "tags": ["Vendor Advisory"], "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.jetbrains.com/privacy-security/issues-fixed/"}], "sourceIdentifier": "cve@jetbrains.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "cve@jetbrains.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}