var-202105-1407
Vulnerability from variot
In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible. JetBrains TeamCity Is vulnerable to the insertion or modification of arguments.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. TeamCity is a Java-based build management and continuous integration server launched by JetBrains.
JetBrains TeamCity version before 2020.2.3 has a parameter injection vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202105-1407",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "teamcity",
"scope": "lt",
"trust": 1.6,
"vendor": "jetbrains",
"version": "2020.2.3"
},
{
"model": "teamcity",
"scope": "eq",
"trust": 0.8,
"vendor": "jetbrains",
"version": null
},
{
"model": "teamcity",
"scope": "eq",
"trust": 0.8,
"vendor": "jetbrains",
"version": "2020.2.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-34747"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006577"
},
{
"db": "NVD",
"id": "CVE-2021-31909"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2020.2.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-31909"
}
]
},
"cve": "CVE-2021-31909",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-31909",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-34747",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-31909",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-31909",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2021-34747",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202105-678",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-31909",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-34747"
},
{
"db": "VULMON",
"id": "CVE-2021-31909"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006577"
},
{
"db": "NVD",
"id": "CVE-2021-31909"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-678"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible. JetBrains TeamCity Is vulnerable to the insertion or modification of arguments.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. TeamCity is a Java-based build management and continuous integration server launched by JetBrains. \n\r\n\r\nJetBrains TeamCity version before 2020.2.3 has a parameter injection vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-31909"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006577"
},
{
"db": "CNVD",
"id": "CNVD-2021-34747"
},
{
"db": "VULMON",
"id": "CVE-2021-31909"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-31909",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006577",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-34747",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202105-678",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-31909",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-34747"
},
{
"db": "VULMON",
"id": "CVE-2021-31909"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006577"
},
{
"db": "NVD",
"id": "CVE-2021-31909"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-678"
}
]
},
"id": "VAR-202105-1407",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-34747"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-34747"
}
]
},
"last_update_date": "2023-12-18T13:55:52.886000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "The\u00a0JetBrains\u00a0Blog JetBrains",
"trust": 0.8,
"url": "https://blog.jetbrains.com"
},
{
"title": "Patch for JetBrains TeamCity parameter injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/265166"
},
{
"title": "Jetbrains JetBrains TeamCity Repair measures for parameter injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=150840"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-34747"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006577"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-678"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-88",
"trust": 1.0
},
{
"problemtype": "Insert or change arguments (CWE-88) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006577"
},
{
"db": "NVD",
"id": "CVE-2021-31909"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31909"
},
{
"trust": 1.1,
"url": "https://blog.jetbrains.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/88.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-34747"
},
{
"db": "VULMON",
"id": "CVE-2021-31909"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006577"
},
{
"db": "NVD",
"id": "CVE-2021-31909"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-678"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-34747"
},
{
"db": "VULMON",
"id": "CVE-2021-31909"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-006577"
},
{
"db": "NVD",
"id": "CVE-2021-31909"
},
{
"db": "CNNVD",
"id": "CNNVD-202105-678"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-34747"
},
{
"date": "2021-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-31909"
},
{
"date": "2022-01-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-006577"
},
{
"date": "2021-05-11T12:15:08.087000",
"db": "NVD",
"id": "CVE-2021-31909"
},
{
"date": "2021-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-678"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-34747"
},
{
"date": "2021-05-14T00:00:00",
"db": "VULMON",
"id": "CVE-2021-31909"
},
{
"date": "2022-01-13T07:36:00",
"db": "JVNDB",
"id": "JVNDB-2021-006577"
},
{
"date": "2021-05-14T19:14:41.023000",
"db": "NVD",
"id": "CVE-2021-31909"
},
{
"date": "2021-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202105-678"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-678"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "JetBrains\u00a0TeamCity\u00a0 Argument insertion or modification vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-006577"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "parameter injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202105-678"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.