google / tsunami-security-scanner-plugins

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
Apache License 2.0

PRP: Request CVE-2024-27198 TeamCity Unauthenticated Remote Code Execution #404

Open frkngksl opened 4 months ago

frkngksl commented 4 months ago

Hi there,

I would like to implement a detector for the following vulnerability if it is in the scope.

CVE-2024-27198 JetBrains TeamCity Unauthenticated RCE

Reference:
https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/
https://blog.jetbrains.com/teamcity/2024/02/critical-security-issue-affecting-teamcity-on-premises-cve-2024-23917/
https://nvd.nist.gov/vuln/detail/CVE-2024-27198

Description: TeamCity exposes a web server over HTTP port 8111 by default (and can optionally be configured to run over HTTPS). An attacker can craft a URL such that all authentication checks are avoided, allowing endpoints that are intended to be authenticated to be accessed directly by an unauthenticated attacker. A remote unauthenticated attacker can leverage this to take complete control of a vulnerable TeamCity server.

Versions: Below JetBrains TeamCity Version 2023.11.4

tooryx commented 4 months ago

Hi @frkngksl,

As you already have entries in your queue, I will put that item in your contribution queue. As soon as your other contributions are accepted, we can review this one.

~tooryx

frkngksl commented 4 months ago

Hi @tooryx, thank you for accepting my Airflow contribution request. I want to ask a question about this issue. Some sources say that this vulnerability is critical and emergent. If you classify this request as important, critical and freshly published, I can start with this vulnerability first? If it is in the scope, and you are interested.

tooryx commented 4 months ago

Hi @frkngksl,

We are currently more interested (from a priority perspective) in the Airflow request rather than this one.

Cheers,
~tooryx

frkngksl commented 4 months ago

Okay then, thanks for the clarification.