CVE-2015-1313

MEDIUM

JetBrains TeamCity <9.0.2 - Auth Bypass

Title source: llm

Description

JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.

References (2)

[Exploit, Third Party Advisory] https://beyondbinary.io/articles/teamcity-account-creation/

[Product] https://www.jetbrains.com/teamcity/download/

Scores

CVSS v3 6.5

EPSS 0.0000

EPSS Percentile 0.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-425

Status published

Products (1)

jetbrains/teamcity 8.0 - 9.0.2

Published Jun 29, 2023

Tracked Since Feb 18, 2026