Detections
Analytics
JetBrains TeamCity Guest Access Detected
medium Web App Scanning Plugin ID 115110
Synopsis
JetBrains TeamCity Guest Access DetectedDescription
JetBrains TeamCity is a continuous integration and build management system that allows guest access if the feature is enabled. If guest login is enabled, an attacker can access the TeamCity server without authentication, potentially leading to unauthorized access to sensitive information and system functionalities.Solution
If guest login is not required, disable the guest login feature in the TeamCity administration interface to prevent unauthorized access.See Also
Plugin Details
Severity: Medium
ID: 115110
Type: remote
Family: Component Vulnerability
Published: 1/15/2026
Updated: 1/15/2026
Scan Template: basic, full, pci, scan
Risk Information
CVSS v2
Risk Factor: High
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: Tenable
CVSS v3
Risk Factor: High
Base Score: 7.3
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVSS Score Source: Tenable
CVSS v4
Risk Factor: Medium
Base Score: 6.9
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
CVSS Score Source: Tenable
Reference Information
CWE: 16
OWASP: 2010-A6, 2013-A5, 2013-A9, 2017-A6, 2017-A9, 2021-A5, 2021-A6
WASC: Application Misconfiguration
DISA STIG: APSC-DV-002630
HIPAA: 164.306(a)(1), 164.306(a)(2)
ISO: 27001-A.14.2.5
NIST: sp800_53-CM-6b
OWASP API: 2019-API7, 2023-API8
OWASP ASVS: 4.0.2-14.2.1
PCI-DSS: 3.2-6.2