CVE-2021-25777
Published 2021-02-03
Priority: P4 · Severity: medium · CVSS 3.1 base score: 5.3
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:L / A:N
EPSS: 0.72% (49.3th percentile)
In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly.
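The advisory text only says that permissions were "checked improperly" during token removal, which NVD classifies as CWE-863 (Incorrect Authorization). The pattern behind that weakness class is an endpoint that confirms the caller is authenticated but never relates the caller to the object being deleted. The following is an added illustration of that pattern beside its corrected form; it is not TeamCity's code, and the TokenStore class, its method names and the sample users and tokens are constructed for the example.

```python
"""Illustrative model of CWE-863 (incorrect authorization) on a token-removal
operation. Added example, not JetBrains' implementation: TokenStore, its
methods, and the users/tokens below are assumptions built for the demo."""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    is_admin: bool = False


@dataclass
class Token:
    name: str
    owner: str  # name of the user who created the token


class Forbidden(Exception):
    """Raised when the caller is not allowed to perform the operation."""


class TokenStore:
    def __init__(self) -> None:
        # Tokens are keyed by (owner name, token name), mirroring a
        # "delete token <name> of user <user>" style of endpoint.
        self._tokens: dict = {}

    def create(self, owner: User, name: str) -> Token:
        tok = Token(name=name, owner=owner.name)
        self._tokens[(owner.name, name)] = tok
        return tok

    def exists(self, owner_name: str, token_name: str) -> bool:
        return (owner_name, token_name) in self._tokens

    def remove_unchecked(self, caller: User, owner_name: str, token_name: str) -> None:
        """Weak pattern: verifies only that *some* authenticated caller is
        present. The target token's owner is never compared with the caller,
        so any logged-in user can delete any other user's token."""
        if caller is None:
            raise Forbidden("authentication required")
        self._tokens.pop((owner_name, token_name), None)

    def remove_checked(self, caller: User, owner_name: str, token_name: str) -> None:
        """Hardened pattern: the decision is made against the owner of the
        token being removed. Only that owner or an administrator may delete it.
        The check runs before any state change, and a missing token is
        reported without leaking more than the key the caller already chose."""
        if caller is None:
            raise Forbidden("authentication required")
        tok = self._tokens.get((owner_name, token_name))
        if tok is None:
            raise KeyError(token_name)
        if not (caller.is_admin or caller.name == tok.owner):
            raise Forbidden(f"{caller.name} may not remove tokens owned by {tok.owner}")
        del self._tokens[(owner_name, token_name)]


def demo() -> dict:
    """Exercise both handlers as a low-privileged user targeting another
    user's token, then as the owner and as an admin. Returns the outcomes."""
    alice = User("alice")
    mallory = User("mallory")
    admin = User("root", is_admin=True)
    results = {}

    store = TokenStore()
    store.create(alice, "ci-deploy")
    store.remove_unchecked(mallory, "alice", "ci-deploy")
    results["unchecked_token_survived"] = store.exists("alice", "ci-deploy")

    store = TokenStore()
    store.create(alice, "ci-deploy")
    try:
        store.remove_checked(mallory, "alice", "ci-deploy")
        results["checked_denied"] = False
    except Forbidden:
        results["checked_denied"] = True
    results["checked_token_survived"] = store.exists("alice", "ci-deploy")

    store.remove_checked(alice, "alice", "ci-deploy")
    results["owner_can_remove"] = not store.exists("alice", "ci-deploy")

    store.create(alice, "nightly")
    store.remove_checked(admin, "alice", "nightly")
    results["admin_can_remove"] = not store.exists("alice", "nightly")
    return results


if __name__ == "__main__":
    print(demo())
```

The point to carry into a code review is that authentication (who is calling) and authorization (is this caller allowed to act on this object) are separate decisions; a handler that only performs the first is exactly the shape NVD labels CWE-863.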
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jetbrains | teamcity | < 2020.2.1 | 2020.2.1 |
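A practitioner triaging this CVE will want to compare a server's reported version against the fixed version above. The following is an added example, not JetBrains code; the JSON samples are constructed, and the assumption that the TeamCity REST `/app/rest/server` endpoint reports a `version` string of the form `2020.2.1 (build NNNNN)` should be verified against your own server before relying on the field name.

```python
"""Compare a TeamCity version string with the fixed version for
CVE-2021-25777 (< 2020.2.1 affected). Added example, not JetBrains code.
The "version" field name and the build-suffix format are assumptions about
the /app/rest/server response; the sample JSON below is constructed."""
import json
import re

FIXED_VERSION = (2020, 2, 1)

# Leading dotted numeric component; anything after it (e.g. " (build 80001)",
# " EAP") is ignored for the comparison.
_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)")


def parse_version(version_string: str) -> tuple:
    """Turn '2020.2 (build 80000)' into (2020, 2, 0). Missing trailing
    components are zero-padded so '2020.2' sorts below '2020.2.1'."""
    m = _VERSION_RE.match(version_string)
    if not m:
        raise ValueError(f"unrecognised version string: {version_string!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * max(0, 3 - len(parts))


def is_affected(version_string: str) -> bool:
    """True when the version is strictly below the first fixed release."""
    return parse_version(version_string) < FIXED_VERSION


def assess(server_json: str) -> dict:
    """Parse a server-info JSON document and report the affected status."""
    data = json.loads(server_json)
    version = data["version"]
    return {"version": version, "affected": is_affected(version)}


# Constructed sample responses (build numbers are placeholders).
SAMPLE_VULNERABLE = '{"version": "2020.2 (build 80000)", "buildNumber": "80000"}'
SAMPLE_FIXED = '{"version": "2020.2.1 (build 80001)", "buildNumber": "80001"}'

if __name__ == "__main__":
    for sample in (SAMPLE_VULNERABLE, SAMPLE_FIXED):
        print(assess(sample))
```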
CVSS provenance
NVD v3.1: 5.3 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
NVD v2.0: 5.0 MEDIUM (AV:N/AC:L/Au:N/C:N/I:P/A:N)
GHSA
The Mautic advisory "MST-48 Server-Side Request Forgery in Asset section" (CVE-2022-25777, CWE-918, fixed in Mautic 4.4.12 and 5.0.4) is a different vulnerability in a different product and is not related to CVE-2021-25777.
GHSA
GHSA-7v4q-3ch3-mjc7 (unreviewed, 2022-05-24)
CVE-2021-25777 [MEDIUM] CWE-863 (Incorrect Authorization)
In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.