CVE-2022-44624 In JetBrains TeamCity before 2022.10, password parameters with special characters could be exposed in the build log.

such as ‘-‘, ‘_’, ‘+’, ‘:’, ‘@’, ‘#’, ‘$’, ‘%’, ‘&’, ‘(‘, ‘)’. As of JetBrains TeamCity version 2022.10, Password parameters are no longer exposed in the build log. To avoid risk of data exposure, consider replacing special characters in Password parameters with a different character.

As of JetBrains TeamCity version 2022.10, Password parameters are no longer exposed in the build log. To avoid risk of data exposure, consider replacing special characters in Password parameters with a different character. In JetBrains TeamCity version before 2022.10, if the name of the build step contains special characters, then the build log would have shown one or several warnings.

In JetBrains TeamCity version before 2022.10, if the name of the build step contains special characters, then the build log would have shown one or several warnings. As of JetBrains TeamCity version 2022.10, if a build step has an empty parameter name, then the build log would show one or several warnings.

New features in JetBrains TeamCity version 2023.0

As of JetBrains TeamCity version 2023.0, if a build step has an empty parameter name, then the build log would show one or several warnings.

Always use build step name as a parameter value

As of JetBrains TeamCity version 2022.10, if a build step has an empty parameter name, then the build log would show one or several warnings.

Behavior of JetBrains TeamCity v2.0 and v3.0 in **Recommendations**

Timeline

Published on: 11/03/2022 14:15:00 UTC
Last modified on: 11/03/2022 19:44:00 UTC

References