-
Notifications
You must be signed in to change notification settings - Fork 47
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #720 from sT0wn-nl/patch-14
Create DIVD-2024-00009.md
- Loading branch information
Showing
1 changed file
with
57 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,57 @@ | ||
| --- | ||
| layout: case | ||
| title: Authentication Bypass in JetBrains TeamCity | ||
| excerpt: "Successful exploitation of CVE-2024-27198 and CVE-2024-27199 allows an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server." | ||
| author: Alwin Warringa | ||
| lead: Alwin Warringa | ||
| researchers: | ||
| - Alwin Warringa | ||
| - Gerben van de Wiel | ||
| cves: | ||
| - CVE-2024-27198 | ||
| - CVE-2024-27199 | ||
| product: | ||
| - JetBrains TeamCity | ||
| versions: | ||
| - All TeamCity On-Premises versions from 2017.1 through 2023.11.3 | ||
| recommendation: "Upgrade to the latest available version as soon as possible or apply the provided security patch" | ||
| patch_status: Released | ||
| workaround: Install the JetBrains-provided security patch. | ||
| status : open | ||
| start: 2024-03-06 | ||
| end: | ||
| timeline: | ||
| - start: 2024-03-04 | ||
| end: | ||
| event: "DIVD starts researching this vulnerability." | ||
| - start: 2024-03-05 | ||
| end: | ||
| event: "DIVD found a good fingerprint method" | ||
| - start: 2024-03-07 | ||
| end: | ||
| event: "DIVD starts scanning the internet for vulnerable instances." | ||
| #ips: 1259 | ||
| # ips is used for statistics after the case is closed. If it is not applicable, you can set IPs to n/a (e.g. stolen credentials) | ||
| # This field becomes mandatory when the case status is set to 'Closed' | ||
|
|
||
| # You can set IPs to n/a when this case isn't about IPs (e.g. stolen credentials) | ||
| --- | ||
| ## Summary | ||
|
|
||
| A critical security issue was recently identified in TeamCity On-Premises. If abused, the flaw may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to perform bypass authentication checks and gain administrative control of that TeamCity server. | ||
|
|
||
| ## Recommendations | ||
|
|
||
| JetBrains advises On-Prem users to upgrade to the latest available version as soon as possible or install the security patch. See the references for the download links. If you are compromised, DIVD advises you start your incident response process immediately. | ||
|
|
||
| ## What we are doing | ||
|
|
||
| DIVD is currently working to identify vulnerable instances and notify the owners of these systems. | ||
|
|
||
| {% comment %} Leave this here, so we see a timeline {% endcomment %} | ||
| {% include timeline.html %} | ||
|
|
||
| ## More information | ||
| * [JetBrains Advisory](https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/) | ||
| * [CVE-2024-27198](https://nvd.nist.gov/vuln/detail/CVE-2024-27198) | ||
| * [CVE-2024-27199](https://nvd.nist.gov/vuln/detail/CVE-2024-27199) |