CVE-2024-27198 - WriteUps

Haii!! How are you?!!

This time I will share an article about a finding I discovered on a website that was vulnerable to CVE-2024-27198. Okay, let's get straight to it.

Vulnerability Details:

In JetBrains TeamCity before 2023.11.4, an authentication bypass was possible that allowed admin actions to be performed.

CVSS Score:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity:	Critical (9.8)
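
The version boundary in the description above can be turned into a quick inventory triage. This is an added example, not code from the original write-up or from JetBrains; the hostnames, build numbers and the inventory format are constructed placeholders, and it assumes each server's reported version string has already been collected.

```python
import re

FIXED = (2023, 11, 4)  # first fixed release, per the description above

# Leading dotted version in strings such as "2023.11.3 (build 000000)".
_VERSION_RE = re.compile(r"^\s*(\d{4})\.(\d{1,2})(?:\.(\d+))?\b")


def parse_version(text):
    """Return (year, minor, patch), or None if no TeamCity-style version is found."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    year, minor, patch = m.groups()
    # A two-part version such as "2022.10" is treated as patch level 0.
    return (int(year), int(minor), int(patch or 0))


def classify(version_text):
    """Classify one reported version string against the fixed release."""
    version = parse_version(version_text)
    if version is None:
        # Unparseable input goes to manual review; never assume it is patched.
        return "unknown"
    return "vulnerable" if version < FIXED else "patched"


def triage(inventory):
    """Map each host to its classification; inventory is {host: version string}."""
    return {host: classify(v) for host, v in inventory.items()}


# Constructed inventory: hostnames and build numbers are placeholders.
SAMPLE_INVENTORY = {
    "tc-prod.example.internal": "2023.11.3 (build 000000)",
    "tc-stage.example.internal": "2023.11.4 (build 000000)",
    "tc-legacy.example.internal": "2022.10",
    "tc-lab.example.internal": "2024.03",
    "tc-unknown.example.internal": "TeamCity Professional",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status:10} {host}")
```

Hosts reported as `vulnerable` or `unknown` are the ones to prioritize for upgrade and for a review of admin accounts, given the impact described below.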

Proof of Concept (PoC):

This script uses known endpoints and methods for interacting with TeamCity servers. It attempts an older method for RCE that may not work on all configurations or updated versions of TeamCity. There may be other methods for achieving RCE on TeamCity servers that are not covered by this script.

Impact:

Both vulnerabilities, CVE-2024-27198 and CVE-2024-27199, are authentication bypass vulnerabilities. The most severe of the two, CVE-2024-27198, allows for a complete compromise of a vulnerable TeamCity server by a remote unauthenticated attacker, including unauthenticated RCE, as demonstrated via our exploit.

Compromising a TeamCity server allows an attacker full control over all TeamCity projects, builds, agents and artifacts, and as such is a suitable vector to position an attacker to perform a supply chain attack.

The second vulnerability, CVE-2024-27199, allows for a limited amount of information disclosure and a limited amount of system modification, including the ability for an unauthenticated attacker to replace the HTTPS certificate in a vulnerable TeamCity server with a certificate of the attacker’s choosing.

References:

  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27198
  • https://nvd.nist.gov/vuln/detail/CVE-2024-27198
  • https://github.com/rapid7/metasploit-framework/pull/18922
  • https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/
  • https://www.jetbrains.com/privacy-security/issues-fixed/