JetBrains fixes vulnerabilities in TeamCity

 

A critical vulnerability (CVE-2024-27198) in the TeamCity CI/CD solution allows a remote, unauthenticated attacker to gain administrator rights and control of the server. Since the technical details of the exploit are already available, administrators are advised to resolve the issue as soon as possible by installing TeamCity 2023.11.4.

Also, the new version of TeamCity has fixed the second vulnerability (CVE-2024-27199), which allows you to change some system settings without authentication. Both issues were discovered by Rapid7 and are related to the TeamCity web component, affecting all versions of local installations.

CVE-2024-27198 (CVSS Score 9.8) is a critical authentication bypass vulnerability in the TeamCity web component due to an alternative path issue. In turn, CVE-2024-27199 (7.3 points on the CVSS scale), this is a path traversal problem in the TeamCity web component, which also allows you to bypass authentication.

Researchers warn that CVE-2024-27198 could give an attacker full control over a vulnerable TeamCity server, including remote execution of arbitrary code.

“Compromising a TeamCity server allows an attacker to gain full control of all TeamCity projects, builds, agents and artifacts, and is therefore a suitable vector for conducting supply chain attacks,” they write in Rapid7.

Experts demonstrated the seriousness of the problem by preparing an exploit that allows you to gain shell access (Meterpreter session) on the target TeamCity server.

JetBrains fixes vulnerabilities in TeamCity

The second vulnerability is less dangerous, since to exploit it the attacker must already be on the victim’s network. Thus, an attacker can use CVE-2024-27199 for denial of service (DoS) attacks or to eavesdrop on client connections as part of MitM attacks.

Rapid7 explains that attackers can cause DoS on a server by changing the HTTPS port number or replacing the HTTPS certificate on a vulnerable server with a certificate of their choice. To achieve a denial of service, you will need to change the HTTPS port or upload a certificate that will not pass client-side validation.

JetBrains fixes vulnerabilities in TeamCity

As mentioned above, JetBrains has released an updated version of TeamCity – 2023.11.4, which eliminates both vulnerabilities. The developers write that the problems affect “all versions up to 2023.11.3” and strongly recommend installing the update as soon as possible. If this is not possible, a special plugin is already available for TeamCity 2018.2 and later, as well as for TeamCity 2018.1 and older.

0 / 5

Your page rank:


Subscribe: YouTube page opens in new windowLinkedin page opens in new windowTelegram page opens in new window

Leave a Reply

Your email address will not be published. Required fields are marked *

Post comment