skip to content
Yupy Syntax

CVE-2024-27198 - Write Up

/ 2 min read

Last Updated:
cve

CVE-2024-27198 Write Up

Haii!! How are you?!!

This time I will share an article about the findings I found on a website that is vulnerable to the CVE-2024-27198 vulnerability. okay, let’s get straight to it.

Details Information Vulnerability:

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible.

CVSS ScoreSeverity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCritical (9.8)

Proof of Concept (PoC):

This script uses known endpoints and methods for interacting with TeamCity servers. It attempts an older method for RCE that may not work on all configurations or updated versions of TeamCity. There may be other methods for achieving RCE on TeamCity servers that are not covered by this script.

alt text

Impact:

Both vulnerabilities are authentication bypass vulnerabilities, the most severe of which, CVE-2024-27198, allows for a complete compromise of a vulnerable TeamCity server by a remote unauthenticated attacker, including unauthenticated RCE, as demonstrated via our exploit:

alt text

Compromising a TeamCity server allows an attacker full control over all TeamCity projects, builds, agents and artifacts, and as such is a suitable vector to position an attacker to perform a supply chain attack.

The second vulnerability, CVE-2024-27199, allows for a limited amount of information disclosure and a limited amount of system modification, including the ability for an unauthenticated attacker to replace the HTTPS certificate in a vulnerable TeamCity server with a certificate of the attacker’s choosing.

References: