CVE-2015-1313

JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.
Forced Browsing
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
VendorProductVersion
jetbrainsteamcity
8.0 ≤
𝑥
< 9.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://beyondbinary.io/articles/teamcity-account-creation/
https://www.jetbrains.com/teamcity/download/
https://beyondbinary.io/articles/teamcity-account-creation/
https://www.jetbrains.com/teamcity/download/