Advisory - TeamCity Account Creation

added by Robert Greyling
2/4/2015 9:41:03 AM

2 Kicks, 180 Views

TeamCity version 9.0.1 and earlier was found to be vulnerable to an account creation issue which allows unauthorised users to gain access to the server and potentially extract sensitive information, including source code. Depending on the configuration, new users may have permission to execute new builds of software projects and potentially hijack configuration parameters resulting in remote code execution.