Fortra is investigating an authentication bypass vulnerability in JetBrains TeamCity – CVE-2024-27198. The authentication bypass allows an attacker to create an authentication token, which can then be used to perform remote code execution. The vendor has released an update to mitigate this vulnerability.
Who is affected?
All versions prior to JetBrains TeamCity 2023.11.4 are vulnerable to CVE-2024-27198.
What can I do?
JetBrains released version 2023.11.4 to fix this vulnerability and a second one (CVE-2024-27199). Customers are advised to update to this version as soon as possible.
For more information about the update, refer to JetBrains’ release blog.
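As an added example (not Fortra's or JetBrains' code), the following Python helper checks TeamCity server version strings against the 2023.11.4 fixed version named in this advisory, so an inventory can be triaged for update. The host names, version strings and build numbers in the sample inventory are constructed.

```python
import re
from typing import Dict, List, Optional, Tuple

# Fixed version named in the advisory for CVE-2024-27198 / CVE-2024-27199.
FIXED_VERSION = "2023.11.4"

# TeamCity versions are year.month[.patch]; an optional "(build N)" suffix may follow.
_VERSION_RE = re.compile(r"(\d{4})\.(\d{1,2})(?:\.(\d+))?")


def parse_teamcity_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (year, month, patch) from a version string, or None if absent.

    Accepts the bare form "2023.11.3" and footer-style strings such as
    "Version 2023.11.3 (build 147512)". The build number is ignored and a
    missing patch component is treated as 0.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_affected(version_text: str, fixed: str = FIXED_VERSION) -> Optional[bool]:
    """True if the version is older than the fixed release, None if unparsable.

    Components are compared numerically, so 2023.11.10 correctly sorts after
    2023.11.4 (a plain string comparison would get this wrong).
    """
    parsed = parse_teamcity_version(version_text)
    if parsed is None:
        return None
    return parsed < parse_teamcity_version(fixed)


# Constructed inventory: host -> version string as shown in the TeamCity footer.
SAMPLE_INVENTORY: Dict[str, str] = {
    "ci-build-01.example.internal": "Version 2023.11.3 (build 147512)",
    "ci-build-02.example.internal": "Version 2023.11.4 (build 147586)",
    "ci-legacy.example.internal": "Version 2022.04 (build 108591)",
    "ci-unknown.example.internal": "version not reported",
}


def affected_hosts(inventory: Dict[str, str]) -> List[str]:
    """Hosts whose reported version is older than the fixed release."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(f"UPDATE REQUIRED: {host} ({SAMPLE_INVENTORY[host]})")
```

Hosts whose version string cannot be parsed return None from is_affected and should be checked manually rather than assumed patched.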
How is Fortra helping me?
Fortra is actively researching this threat to build detection capabilities.
Alert Logic Vulnerability Scanning: Alert Logic released unauthenticated scan coverage to identify vulnerable instances. If the vulnerability is found, an exposure will be raised for CVE-2024-27198.
Tripwire IP360: Tripwire released unauthenticated scan coverage on March 6, 2024, to identify vulnerable instances. If the vulnerability is found, vulnerability 609139 will match for CVE-2024-27198.
Fortra VM: Fortra VM Network Scanner 4.39.0, released on April 3, 2024, contains a new unauthenticated check for CVE-2024-27198: TeamCity Authentication Bypass (158996).
Core Impact: The exploit "Jetbrains TeamCity handleRequestInternal Authentication Bypass RCE" was delivered to Core Impact customers on March 8, addressing CVE-2024-27198. This exploit abuses an authentication bypass vulnerability in JetBrains TeamCity before 2023.11.4 to allow unauthenticated actors to execute operating system commands. The exploit was tested against JetBrains TeamCity v2023.11.3 running on Windows Server 2022 Datacenter and on Ubuntu Linux.
Updates
Fortra has kicked off the Emerging Threats process for this vulnerability. This article will be updated with new information about this vulnerability and related security coverage as it becomes available.
03/08/2024: Alert Logic released unauthenticated scan coverage to identify vulnerable instances.