Lucene search

K
cve[email protected]CVE-2023-39173
HistoryJul 25, 2023 - 3:15 p.m.

CVE-2023-39173

2023-07-2515:15:13
CWE-266
web.nvd.nist.gov
17
jetbrains
teamcity
vulnerability
token
permissions
security

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.7%

In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access

Affected configurations

NVD
Node
jetbrainsteamcityRange<2023.05.2

CNA Affected

[
  {
    "vendor": "JetBrains",
    "product": "TeamCity",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThan": "2023.05.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.7%

Related for CVE-2023-39173