CVE-2015-1313

EUVD-2015-1454
JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.
Forced Browsing
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
jetbrainsteamcity
8.0 ≤
𝑥
< 9.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://beyondbinary.io/articles/teamcity-account-creation/
https://www.jetbrains.com/teamcity/download/
https://beyondbinary.io/articles/teamcity-account-creation/
https://www.jetbrains.com/teamcity/download/