PoC details: 0f6a17bfb2f0d93142b3e4b581f86a22dacce0f5

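Related vulnerability
Title: JetBrains TeamCity security vulnerability (CVE-2024-27198)
Description: JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains, a Czech company. It provides continuous unit testing, code quality analysis, and build problem analysis reports. JetBrains TeamCity versions before 2023.11.4 contain a security vulnerability caused by an authentication bypass.
Description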
Exploit for CVE-2024-27198 - TeamCity Server
Introduction
# CVE-2024-27198

### CVE-2024-27198 - Authentication Bypass Using an Alternate Path vulnerability in JetBrains TeamCity Server

- Please refer to Rapid7's blogpost for more information: [CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities](https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/)

![teamcityserverlogo](https://www.devopsschool.com/blog/wp-content/uploads/2022/04/teamcity-logo.png)

*Products and Versions affected:*


| Product  | Affected Versions |
| :--------| :---------------- |
| TeamCity Server | <= 2023.11.3|

- **CVSS:** 9.8
- **Actively Exploited:** [YES](https://www.cisa.gov/news-events/alerts/2024/03/07/cisa-adds-one-known-exploited-jetbrains-vulnerability-cve-2024-27198-catalog)
- **Patch:** YES
- **Mitigation:** YES
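
To check an inventory against the affected-versions table above, this added example (not part of the original README or the PoC) classifies reported TeamCity version strings relative to 2023.11.4, the fixed release named in the description. The hostnames, version strings and build numbers in the sample are constructed, and the inventory format is an assumption.

```python
import re

# Fixed release per this page: versions before 2023.11.4 are affected.
FIXED = (2023, 11, 4)

# First dotted numeric version in the string, e.g. "2023.11.3" or "2023.05".
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)(?:\.(\d+))?\b")


def parse_version(text):
    """Return (major, minor, patch) or None when no version can be found."""
    match = _VERSION_RE.search(text or "")
    if not match:
        return None
    major, minor, patch = match.groups()
    # A missing patch component ("2023.05") is treated as patch level 0.
    return (int(major), int(minor), int(patch or 0))


def triage(inventory):
    """Map each host to 'affected', 'fixed' or 'unknown'."""
    result = {}
    for host, version_text in inventory.items():
        version = parse_version(version_text)
        if version is None:
            # Never assume an unreadable version is patched.
            result[host] = "unknown"
        elif version < FIXED:
            result[host] = "affected"
        else:
            result[host] = "fixed"
    return result


# Constructed sample inventory: hosts and build numbers are made up.
SAMPLE_INVENTORY = {
    "ci-01.example.internal": "TeamCity 2023.11.3 (build 000001)",
    "ci-02.example.internal": "2023.11.4 (build 000002)",
    "ci-03.example.internal": "2023.05",
    "ci-04.example.internal": "2024.03.1",
    "ci-05.example.internal": "connection timed out",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:26} {status}")
```

Hosts reported as `unknown` need a manual check rather than being counted as patched.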

# Lab

You can deploy a TeamCity server with Docker to test this exploit.

- Download a vulnerable TeamCity Server Docker image, in this case version 2023.11.3:
```
docker pull jetbrains/teamcity-server:2023.11.3
```

- Then run the Docker container:

```
docker run -it -d --name teamcity -u root -p 8111:8111 jetbrains/teamcity-server:2023.11.3
```

- Finally, go to: `http://localhost:8111` and follow the configuration instructions for your new server (just click `Proceed` and create a new admin account).

# Help

```
usage: CVE-2024-27198.py [-h] -t TARGET -u USERNAME -p PASSWORD

options:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        Target TeamCity Server URL
  -u USERNAME, --username USERNAME
                        Insert username for the new user
  -p PASSWORD, --password PASSWORD
                        Insert password for the new user
```

**Example:** 

```
python CVE-2024-27198.py -t http://localhost:8111 -u mynewadminuser -p mypassword
```


# References

- [CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)](https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/)
- [Additional Critical Security Issues Affecting TeamCity On-Premises (CVE-2024-27198 and CVE-2024-27199) – Update to 2023.11.4 Now](https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/)
- [CISA Adds One Known Exploited JetBrains Vulnerability, CVE-2024-27198, to Catalog](https://www.cisa.gov/news-events/alerts/2024/03/07/cisa-adds-one-known-exploited-jetbrains-vulnerability-cve-2024-27198-catalog)
- [GreyNoise Tag - TeamCity JetBrain CVE-2024-27198 Auth Bypass Attempt](https://viz.greynoise.io/query/tags:%22TeamCity%20JetBrain%20CVE-2024-27198%20Auth%20Bypass%20Attempt%22)
File snapshot

```
[4.0K] /data/pocs/0f6a17bfb2f0d93142b3e4b581f86a22dacce0f5
├── [2.2K] CVE-2024-27198.py
└── [2.8K] README.md

0 directories, 2 files
```