Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-27199

Published: 04/03/2024 Updated: 11/03/2024

Vulnerability Summary

In JetBrains TeamCity prior to 2023.11.4 path traversal allowing to perform limited admin actions was possible

Vulnerability Trend

Vendor Advisories

Check Point Security Alerts: JetBrains TeamCity Path Traversal (CVE-2024-27199)
Check Point Reference: CPAI-2024-0106 Date Published: 6 Mar 2024 Severity: High ...

Exploits

Exploit DB: JetBrains TeamCity Unauthenticated Remote Code Execution
This Metasploit module exploits an authentication bypass vulnerability in JetBrains TeamCity An unauthenticated attacker can leverage this to access the REST API and create a new administrator access token This token can be used to upload a plugin which contains a Metasploit payload, allowing the attacker to achieve unauthenticated remote code ex ...

Github Repositories

https://github.com/juev/links

My Reading List: Unread Generated by juev/getpocket-collector History (65/3120 items) Tax Season: Stay Secure With Bitwarden Send | Bitwarden Blog Refeed Reader - Open Source RSS Reader Saved by NixOS Integration Tests, Surprisingly - Andreas Fuchs’ Journal GitHub - pydantic/FastUI How a Distributed File System in Go Reduced Memory Usage by 90% - JuiceFS Blog The Subtle

https://github.com/Shimon03/Explora-o-RCE-n-o-autenticado-JetBrains-TeamCity-CVE-2024-27198-

Em fevereiro de 2024, foi identificado duas novas vulnerabilidades que afetam o servidor JetBrains TeamCity (CVE-2024-27198 e CVE-2024-27199)

Explora-o-RCE-n-o-autenticado-JetBrains-TeamCity-CVE-2024-27198- Em fevereiro de 2024, foi identificado duas novas vulnerabilidades que afetam o servidor JetBrains TeamCity (CVE-2024-27198 e CVE-2024-27199)

https://github.com/hcy-picus/emerging_threat_simulator

This repo provides Proof-of-Concepts for emerging threats and exploit examples for recent critical vulnerabilities.

JetBrains TeamCity CVE-2024-27198 and CVE-2024-27199 PoC Exploit Recently, JetBrains disclosed two critical vulnerabilities affecting JetBrains TeamCity CI/CD server products In this repo, Picus provides Proof-of-Concept exploit for CVE-2024-27198 and CVE-2024-27199 vulnerabilities CVE-2024-27198 Proof-of-concept (POC) CVE-2024-27198 vulnerability is caused by a CWE-288 weakn

https://github.com/Donata64/tc_test01

CVE-2024-27198 CVE-2024-27198 - Authentication Bypass Using an Alternate Path vulnerability in JetBrains TeamCity Server Please refer to Rapid7's blogpost for more information: CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities Products and Versions affected: Product Affected Versions TeamCity Server <= 202

https://github.com/W01fh4cker/CVE-2024-27198-RCE

CVE-2024-27198 & CVE-2024-27199 Authentication Bypass --> RCE in JetBrains TeamCity Pre-2023.11.4

Cyberspace Mapping Dork Fofa app="JET_BRAINS-TeamCity" ZoomEye app:"JetBrains TeamCity" Hunterhow productname="TeamCity" Shodan httpcomponent:"teamcity" How to use I'm usin

https://github.com/passwa11/CVE-2024-27198-RCE

Cyberspace Mapping Dork Fofa app="JET_BRAINS-TeamCity" ZoomEye app:"JetBrains TeamCity" Hunterhow productname="TeamCity" Shodan httpcomponent:"teamcity" How to use I'm usin

https://github.com/CharonDefalt/CVE-2024-27198-RCE

Cyberspace Mapping Dork Fofa app="JET_BRAINS-TeamCity" ZoomEye app:"JetBrains TeamCity" Hunterhow productname="TeamCity" Shodan httpcomponent:"teamcity" How to use I'm usin

https://github.com/yoryio/CVE-2024-27198

Exploit for CVE-2024-27198 - TeamCity Server

CVE-2024-27198 CVE-2024-27198 - Authentication Bypass Using an Alternate Path vulnerability in JetBrains TeamCity Server Please refer to Rapid7's blogpost for more information: CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities Products and Versions affected: Product Affected Versions TeamCity Server <= 202

https://github.com/rampantspark/CVE-2024-27198

A PoC for CVE-2024-27198 written in golang

CVE-2024-27198 NIST: nvdnistgov/vuln/detail/CVE-2024-27198 Rapid7 blog post: wwwrapid7com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/ Example Usage go run CVE-2024-27198go -s IP_OR_FQDN:PORT -u new_admin_username -p new_admin_password

https://github.com/chebuya/CVE-2024-30851-jasmin-ransomware-path-traversal-poc

Jasmin ransomware web panel path traversal PoC

Jasmin ransomware web panel path traversal PoC githubcom/codesiddhant/Jasmin-Ransomware I discovered a pre-auth path traversal vulnerability in the Jasmin Ransomware web panel (CVE-2024-30851), allowing an attacker to deanonymize panel operators and dump decryption keys Jasmin ransomware was observed in a recent TeamCity (CVE-2024-27198, CVE-2024-27199) exploitation

https://github.com/Stuub/RCity-CVE-2024-27198

CVE-2024-27199 PoC - RCE, Admin Account Creation, Enum Users, Server Information

RCity - CVE-2024-27198 (RCE & Admin Account Creation) Exploiting CVE-2024-27198 RCity is a Python script that interacts with a vulnerable TeamCity server The CVE facilitates for unauthorised admin account creation, bypassing 403's on the domain Whilst also achieving RCE, through the Debug/Processes route Usage To use the script, you need to provide the target Te

https://github.com/Stuub/RCity-CVE-2024-27199

RCity - CVE-2024-27199 (RCE & Admin Account Creation) Exploiting CVE-2024-27199 RCity is a Python script that interacts with a vulnerable TeamCity server The CVE facilitates for unauthorised admin account creation, bypassing 403's on the domain Whilst also achieving RCE, through the Debug/Processes route Usage To use the script, you need to provide the target Te

Recent Articles

Exploit available for new critical TeamCity auth bypass bug, patch now
BleepingComputer • Ionut Ilascu • 04 Mar 2024

Exploit available for new critical TeamCity auth bypass bug, patch now By Ionut Ilascu March 4, 2024 05:42 PM 0 A critical vulnerability (CVE-2024-27198) in the TeamCity On-Premises CI/CD solution from JetBrains can let a remote unauthenticated attacker take control of the server with administrative permissions. Since full technical details to create an exploit are available, administrators are strongly recommended to prioritize addressing the issue by updating to the latest version of the produ...

Read more...
Rapid7 throws JetBrains under the bus for 'uncoordinated vulnerability disclosure'
The Register

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Exploits began within hours of the original disclosure, so patch now

Updated Security shop Rapid7 is criticizing JetBrains for flouting its policy against silent patching regarding fixes for two fresh vulnerabilities in the TeamCity CI/CD server. Rapid7 says it reported the two TeamCity vulnerabilities in mid-February, claiming JetBrains soon after suggested releasing patches for the flaws before publicly disclosing them. Such a move is typically seen as a no-no by the infosec community, which favors transparency, but there's apparently a time and a place for the...

Read more...

References

https://www.jetbrains.com/privacy-security/issues-fixed/https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrivehttps://nvd.nist.govhttps://www.theregister.co.uk/2024/03/05/rapid7_jetbrains_vuln_disclosure_dispute/https://github.com/Shimon03/Explora-o-RCE-n-o-autenticado-JetBrains-TeamCity-CVE-2024-27198-https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2024-0106.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
client sideCVE-2023-31889template injectionCVE-2024-4304CVE-2006-4304CVE-2024-33272type confusionCVE-2024-21345CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook