
Critical Security Issues in TeamCity On-Premises (CVE-2024-27198 and CVE-2024-27199)

Advisory No: TZCERT/SA/2024/03/06

Date of First Release: 6th March 2024

Source: JetBrains

Software Affected: TeamCity On-Premises

Overview:

Vulnerabilities exist in JetBrains TeamCity On-Premises software which allow an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server.

CVE-2024-27198 (CVSS base score 9.8 – Critical) is an authentication bypass vulnerability in the web component of TeamCity that arises from an alternative path issue (CWE-288).

CVE-2024-27199 (CVSS base score 7.3 – High) is an authentication bypass vulnerability in the web component of TeamCity that arises from a path traversal issue (CWE-22).

TeamCity Cloud servers have already been patched.

Impact:

Successful exploitation of these vulnerabilities may allow an unauthenticated attacker to bypass the authentication checks and gain administrative control of the TeamCity server.

Solution:

An update and a workaround for these vulnerabilities have been released. Users and administrators are encouraged to:

  1. Apply the released update and bring their servers to version 2023.11.4.
  2. Apply the released security plugin patch if they are unable to update their server. The security patch can be downloaded for TeamCity 2018.2 and newer, and for TeamCity 2018.1 and older.
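The solution above gives administrators two remediation paths that depend on the installed version. The following is an added example, not code from the advisory or from JetBrains, for triaging an inventory of on-premises servers against the fixed version 2023.11.4. It assumes that every on-premises release earlier than 2023.11.4 needs either the update or the security patch plugin (the advisory lists patches for both the 2018.2-and-newer and 2018.1-and-older lines, so this is a stated assumption, not a quote). The server names and version strings in the sample inventory are constructed.

```python
import re
from typing import Dict, Optional, Tuple

# Fixed release named in the advisory's Solution section.
FIXED_VERSION = "2023.11.4"

# Version boundary between the two security patch plugin downloads
# ("TeamCity 2018.2 and newer" vs "TeamCity 2018.1 and older").
PLUGIN_SPLIT = (2018, 2, 0)

# Matches "2023.11.3", "2023.11" or a version embedded in text such as
# "2023.11.3 (build 147512)"; build numbers are ignored.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")

# Constructed inventory: host -> version string as an operator might
# copy it from the server's About page. Not real hosts or data.
SAMPLE_INVENTORY: Dict[str, str] = {
    "ci-prod": "2023.11.4 (build 147600)",
    "ci-legacy": "2023.11.3 (build 147512)",
    "ci-old": "2018.1.5 (build 58744)",
    "ci-unknown": "version not recorded",
}


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Extract a TeamCity version as (year, minor, patch) from free text.

    A missing patch component is treated as 0 ("2023.11" -> (2023, 11, 0)).
    Returns None when no version-like token is present.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    year, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(year), int(minor), int(patch))


def needs_action(version_text: str) -> bool:
    """True when the reported version is below the fixed release.

    Assumption: all on-premises releases earlier than 2023.11.4 require
    either the update or the security patch plugin.
    """
    parsed = parse_version(version_text)
    if parsed is None:
        raise ValueError(f"no TeamCity version found in {version_text!r}")
    fixed = parse_version(FIXED_VERSION)
    assert fixed is not None
    return parsed < fixed


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host to one of the advisory's remediation options.

    Tuple comparison orders versions correctly because each component is
    an int, so 2023.11.3 < 2023.11.4 < 2024.3.
    """
    fixed = parse_version(FIXED_VERSION)
    assert fixed is not None
    result: Dict[str, str] = {}
    for host, version_text in inventory.items():
        v = parse_version(version_text)
        if v is None:
            result[host] = "unknown version: verify manually"
        elif v >= fixed:
            result[host] = "up to date"
        elif v >= PLUGIN_SPLIT:
            result[host] = "update to 2023.11.4 or apply the plugin for 2018.2 and newer"
        else:
            result[host] = "update to 2023.11.4 or apply the plugin for 2018.1 and older"
    return result


if __name__ == "__main__":
    for host, action in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {action}")
```

Hosts whose version cannot be parsed are flagged for manual verification rather than silently skipped, since a missing record is not evidence that a server is patched.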

References:

  1. https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/
  2. https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/
