CVE-2015-1313
Published 2023-06-29
Priority: P3 · 37 · medium · 6.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:L / A:N
EPSS: 0.61% (44.9th percentile)
JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jetbrains | teamcity | >= 8.0 < 9.0.2 | 9.0.2 |
| jetbrains | teamcity | >= 8.0.1 < 9.0.2 | 9.0.2 |
CVSS provenance
nvd · v3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
vendor_redhat · 6.8 MEDIUM
GHSA
GHSA-qjwq-qh5c-p96w: JetBrains TeamCity 8 and 9 before 9
ghsa_unreviewed·2023-06-29
CVE-2015-1313 [MEDIUM] CWE-425 GHSA-qjwq-qh5c-p96w: JetBrains TeamCity 8 and 9 before 9
Red Hat
webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)
vendor_redhat·2015-01-26·CVSS 6.8
CVE-2014-1313 [MEDIUM] webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.
Statement: Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Will not fix
Package: webkitgtk3 (Red Hat Enterprise Linux
No detection rules found.
No public exploits indexed.