Details of VAR-202105-1407

ID

VAR-202105-1407

CVE

CVE-2021-31909

TITLE

JetBrains TeamCity Argument insertion or modification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-006577

DESCRIPTION

In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible. JetBrains TeamCity Is vulnerable to the insertion or modification of arguments.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. TeamCity is a Java-based build management and continuous integration server launched by JetBrains. JetBrains TeamCity version before 2020.2.3 has a parameter injection vulnerability

Trust: 2.25

sources: NVD: CVE-2021-31909 // JVNDB: JVNDB-2021-006577 // CNVD: CNVD-2021-34747 // VULMON: CVE-2021-31909

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-34747

AFFECTED PRODUCTS

vendor:	jetbrains	model:	teamcity	scope:	lt	version:	2020.2.3	Trust: 1.6
vendor:	jetbrains	model:	teamcity	scope:	eq	version:	-	Trust: 0.8
vendor:	jetbrains	model:	teamcity	scope:	eq	version:	2020.2.3	Trust: 0.8

sources: CNVD: CNVD-2021-34747 // JVNDB: JVNDB-2021-006577 // NVD: CVE-2021-31909

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-31909
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-31909
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2021-34747
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202105-678
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2021-31909
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-31909
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-34747
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-31909
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-31909
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-34747 // VULMON: CVE-2021-31909 // JVNDB: JVNDB-2021-006577 // CNNVD: CNNVD-202105-678 // NVD: CVE-2021-31909

PROBLEMTYPE DATA

problemtype:	CWE-88	Trust: 1.0
problemtype:	Insert or change arguments (CWE-88) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-006577 // NVD: CVE-2021-31909

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-678

TYPE

parameter injection

Trust: 0.6

sources: CNNVD: CNNVD-202105-678

PATCH

title:	The JetBrains Blog JetBrains	url:	https://blog.jetbrains.com	Trust: 0.8
title:	Patch for JetBrains TeamCity parameter injection vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/265166	Trust: 0.6
title:	Jetbrains JetBrains TeamCity Repair measures for parameter injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=150840	Trust: 0.6

sources: CNVD: CNVD-2021-34747 // JVNDB: JVNDB-2021-006577 // CNNVD: CNNVD-202105-678

EXTERNAL IDS

db:	NVD	id:	CVE-2021-31909	Trust: 3.9
db:	JVNDB	id:	JVNDB-2021-006577	Trust: 0.8
db:	CNVD	id:	CNVD-2021-34747	Trust: 0.6
db:	CNNVD	id:	CNNVD-202105-678	Trust: 0.6
db:	VULMON	id:	CVE-2021-31909	Trust: 0.1

sources: CNVD: CNVD-2021-34747 // VULMON: CVE-2021-31909 // JVNDB: JVNDB-2021-006577 // CNNVD: CNNVD-202105-678 // NVD: CVE-2021-31909

REFERENCES

url:	https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-31909	Trust: 1.4
url:	https://blog.jetbrains.com	Trust: 1.1
url:	https://cwe.mitre.org/data/definitions/88.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-34747 // VULMON: CVE-2021-31909 // JVNDB: JVNDB-2021-006577 // CNNVD: CNNVD-202105-678 // NVD: CVE-2021-31909

SOURCES

db:	CNVD	id:	CNVD-2021-34747
db:	VULMON	id:	CVE-2021-31909
db:	JVNDB	id:	JVNDB-2021-006577
db:	CNNVD	id:	CNNVD-202105-678
db:	NVD	id:	CVE-2021-31909

LAST UPDATE DATE

2024-08-14T13:23:33.223000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-34747	date:	2021-05-16T00:00:00
db:	VULMON	id:	CVE-2021-31909	date:	2021-05-14T00:00:00
db:	JVNDB	id:	JVNDB-2021-006577	date:	2022-01-13T07:36:00
db:	CNNVD	id:	CNNVD-202105-678	date:	2021-05-18T00:00:00
db:	NVD	id:	CVE-2021-31909	date:	2021-05-14T19:14:41.023

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-34747	date:	2021-05-16T00:00:00
db:	VULMON	id:	CVE-2021-31909	date:	2021-05-11T00:00:00
db:	JVNDB	id:	JVNDB-2021-006577	date:	2022-01-13T00:00:00
db:	CNNVD	id:	CNNVD-202105-678	date:	2021-05-11T00:00:00
db:	NVD	id:	CVE-2021-31909	date:	2021-05-11T12:15:08.087