admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-05 10:16:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create JetBrains_TeamCity_permission_bypass_vulnerability_(CVE-2024-27198 & CVE-2024-27199).md

Browse Source
This commit is contained in:
Goby 2024-03-21 18:58:03 +08:00 committed by GitHub
parent ef05e25e1f
commit c4b681b0ce
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
JetBrains_TeamCity_permission_bypass_vulnerability_(CVE-2024-27198 & CVE-2024-27199).md Normal file
View File

@ -0,0 +1,13 @@
## JetBrains TeamCity permission bypass vulnerability (CVE-2024-27198 & CVE-2024-27199)
| **Vulnerability** | JetBrains TeamCity permission bypass vulnerability (CVE-2024-27198 & CVE-2024-27199) |
| :----: | :-----|
| **Chinese name** | JetBrains TeamCity 权限绕过漏洞CVE-2024-27198 & CVE-2024-27199 |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [app="JET_BRAINS-TeamCity"](https://en.fofa.info/result?qbase64=aGVhZGVyPSJUZWFtY2l0eSIgfHwgYmFubmVyPSJUZWFtY2l0eSIgfHwgdGl0bGU9IlRlYW1DaXR5IiB8fCBib2R5PSJjb250ZW50PVwiVGVhbUNpdHkgKExvZyBpbiB0byBUZWFtQ2l0eSI%3D)|
| **Number of assets affected** | 141734 |
| **Description** | JetBrains TeamCity is a continuous integration and continuous delivery (CI/CD) server developed by JetBrains. It provides a powerful platform for automating the building, testing and deployment of software projects. TeamCity aims to simplify team collaboration and software delivery processes, improve development team efficiency and product quality.JetBrains TeamCity has an authentication bypass vulnerability before version 2023.11.4. An attacker can use this vulnerability to bypass the authentication mechanism and directly perform administrator operations. Combined with the background function, the attacker can use this vulnerability to execute arbitrary system commands on the server side, write backdoors, obtain server permissions, and then control the entire web server. |
| **Impact** | JetBrains TeamCity has an authentication bypass vulnerability before version 2023.11.4. An attacker can use this vulnerability to bypass the authentication mechanism and directly perform administrator operations. Combined with the background function, the attacker can use this vulnerability to execute arbitrary system commands on the server side, write backdoors, obtain server permissions, and then control the entire web server. |
![](https://s3.bmp.ovh/imgs/2024/03/21/247110c62504abd3.gif).