In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
The vulnerability, classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel), allows bypassing authentication mechanisms in the TeamCity admin panel. An attacker can remotely send a specially crafted HTTP request without possessing an account or any credentials, which the application treats as authorized. As a result, the attacker gains the ability to perform full administrative operations on the CI/CD server.
An attacker can gain full administrative control over the TeamCity server — creating unauthorized user accounts, modifying CI/CD pipeline configurations, stealing secrets and access tokens, and potentially introducing malicious code into software build processes. Compromising a CI/CD server can lead to supply chain attacks.
JetBrains TeamCity must be immediately updated to version 2023.11.4 or later. Detailed information is available on the vendor's website: https://www.jetbrains.com/privacy-security/issues-fixed/
JetBrains TeamCity in all versions prior to 2023.11.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HJetbrains Teamcity
APPJetbrains< 2023.11.4
CISA KEV — detailsi
- Vendori
- JetBrains ↗
- Producti
- TeamCity
- Added to KEVi
- March 7, 2024
- Remediation deadline (US Federal)i
- March 28, 2024(overdue)
- Ransomwarei
- Active ransomware campaigns exploit this vulnerability
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions.
Related vulnerabilities
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
JetBrains TeamCity: Authentication Bypass umożliwiający RCE
In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possibl...
In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.
In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.