Critical Security Issues in TeamCity On-Premises (CVE-2024-27198 and CVE-2024-27199)

Published: Mar 07, 2024 03:06

Advisory No: TZCERT/SA/2024/03/06

Source: JetBrains

Software Affected: TeamCity On-Premises

Overview

Vulnerabilities exist in JetBrains TeamCity On-Premises software which allow an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server.

Description

CVE-2024-27198 (CVSS base score 9.8, Critical) is an authentication bypass vulnerability in the web component of TeamCity that arises from an alternative path issue (CWE-288).

CVE-2024-27199 (CVSS base score 7.3, High) is an authentication bypass vulnerability in the web component of TeamCity that arises from a path traversal issue (CWE-22).

Impact

Successful exploitation of these vulnerabilities may allow an unauthenticated attacker to bypass the authentication checks and gain administrative control of the TeamCity server.

Solution

A workaround for these vulnerabilities has been released. Users and administrators are encouraged to apply the released updates and upgrade their servers to version 2023.11.4. If you are unable to update your server, apply the released Security Plugin patch instead. Security patches are available separately for TeamCity 2018.2 and newer and for TeamCity 2018.1 and older.
