PT-2023-10306 · Jetbrains · Teamcity

Published: 2023-06-29 · Updated: 2023-07-06 · CVE-2015-1313

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

JetBrains TeamCity versions 8 through 9.0.1. JetBrains TeamCity version 9.0.2 is not affected, so only versions prior to 9.0.2 are considered vulnerable.

Description

The issue allows bypass of account-creation restrictions via a crafted request. This is possible because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request.

Recommendations

For JetBrains TeamCity versions 8 through 9.0.1, update to version 9.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the account creation functionality until a patch is applied.

Related Identifiers: CVE-2015-1313

Affected Products: Teamcity