Authentication Bypass in JetBrains TeamCity Allows Admin Actions

CVE-2024-27198

9.8CRITICAL

Key Information

Vendor
Jetbrains
Status
Teamcity
Vendor
CVE Published:
4 March 2024

Badges

🔥 No. 1 Trending😄 Trended👾 Exploit Exists🔴 Public PoC🟣 EPSS 97%📰 News Worthy

What is CVE-2024-27198?

CVE-2024-27198 is a significant vulnerability affecting JetBrains TeamCity, a widely used continuous integration and deployment (CI/CD) tool designed to help software development teams automate the process of building, testing, and deploying code. This vulnerability allows unauthorized users to bypass authentication mechanisms entirely, enabling them to perform admin-level actions without appropriate credentials. Such an issue could lead to severe consequences for organizations that rely on TeamCity for managing their software development lifecycle, compromising sensitive project data and undermining the integrity of their CI/CD processes.

Technical Details

The vulnerability is rooted in the authentication mechanism of JetBrains TeamCity versions prior to 2023.11.4. Attackers can exploit this flaw to gain unauthorized access to administrative functionalities within the application. This bypass occurs due to improper validation that fails to enforce sufficient security checks, allowing attackers to impersonate legitimate users. The exploitation of this vulnerability could facilitate a range of malicious activities, from data manipulation to unauthorized deployment of code.

Impact of the Vulnerability

  1. Unauthorized Administrative Access: Threat actors can execute administrative actions without authentication, giving them the ability to alter configurations, manage user accounts, and potentially deploy malicious code into production environments.

  2. Data Breaches: The ability to bypass authentication poses a significant risk to sensitive project data, including source code, access credentials, and other confidential information, which could be exploited for further attacks or leaked publicly.

  3. Compromise of Software Integrity: By enabling unauthorized changes, this vulnerability threatens the integrity of the software development lifecycle, potentially leading to the introduction of insecure or malicious code into applications that utilize TeamCity for deployment.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-27198 as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

TeamCity < 2023.11.4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

News Articles

JetBrains patches new TeamCity authentication bypass bugs

TeamCity servers risk being exposed to “complete compromise” if patch isn’t installed, researchers warned.

5 months ago

Трендовые уязвимости марта: обновляйтесь и импортозамещайтесь

Хабр, привет! Я Александр Леонов, и мы с командой аналитиков Positive Technologies каждый месяц изучаем информацию о недостатках безопасности из баз, бюллетеней безопасности вендоров, социальных...

8 months ago

PravinKarthik

Read all of the posts by PravinKarthik on TheCyberThrone

9 months ago

Refferences

EPSS Score

97% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🔴

    Public PoC available

  • 🔥

    Vulnerability reached the number 1 worldwide trending spot

  • CISA Reported

  • 😈

    Used in Ransomware

  • Vulnerability started trending

  • 👾

    Exploit known to exist

  • First article discovered by Help Net Security

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre DatabaseCISA Database7 Proof of Concept(s)21 News Article(s)
.