A new pair of security vulnerabilities have been disclosed in JetBrains TeamCity On-Premises software that could be exploited by a threat actor to take control of affected systems.
JetBrains TeamCity On-Premises软件中披露了一对新的安全漏洞,可以被威胁行为者利用来控制受影响的系统。
The flaws, tracked as CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score: 7.3), have been addressed in version 2023.11.4. They impact all TeamCity On-Premises versions through 2023.11.3.
这些漏洞被追踪为CVE-2024-27198(CVSS得分:9.8)和CVE-2024-27199(CVSS得分:7.3),已在版本2023.11.4中解决。它们影响所有2023.11.3之前的TeamCity On-Premises版本。
"The vulnerabilities may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server," JetBrains said in an advisory released Monday.
JetBrains在周一发布的一份公告中表示:“这些漏洞可能使未经身份验证的攻击者通过HTTP(S)访问TeamCity服务器绕过身份验证检查并获得对该TeamCity服务器的管理控制。”
TeamCity Cloud instances have already been patched against the two flaws. Cybersecurity firm Rapid7, which discovered and reported the issues on February 20, 2024, said CVE-2024-27198 is a case of authentication bypass that allows for a complete compromise of a susceptible server by a remote unauthenticated attacker.
TeamCity Cloud实例已针对这两个漏洞进行了修补。发现并报告这些问题的网络安全公司Rapid7表示,CVE-2024-27198是一种身份验证绕过情况,允许远程未经身份验证的攻击者完全控制易受攻击的服务器。
"Compromising a TeamCity server allows an attacker full control over all TeamCity projects, builds, agents and artifacts, and as such is a suitable vector to position an attacker to perform a supply chain attack," the company noted.
公司指出:“入侵TeamCity服务器允许攻击者完全控制所有TeamCity项目、构建、代理和构件,因此是一种适当的向量,可以使攻击者执行供应链攻击。”
CVE-2024-27199, also an authentication bypass flaw, stems from a path traversal issue that can permit an unauthenticated attacker to replace the HTTPS certificate in a vulnerable TeamCity server with a certificate of their choosing via the "/app/https/settings/uploadCertificate" endpoint and even alter the port number the HTTPS service listens on.
CVE-2024-27199也是一种身份验证绕过漏洞,源于路径遍历问题,可以允许未经身份验证的攻击者通过“/app/https/settings/uploadCertificate”端点替换易受攻击的TeamCity服务器中的HTTPS证书为其选择的证书,甚至修改HTTPS服务监听的端口号。
A threat actor could leverage the vulnerability to perform a denial-of-service against the TeamCity server by either changing the HTTPS port number, or by uploading a certificate that will fail client-side validation. Alternatively, the uploaded certificate could be used for adversary-in-the-middle scenarios if it's trusted by the clients.
威胁行为者可以利用这个漏洞通过更改HTTPS端口号或上传一个将失败客户端验证的证书来对TeamCity服务器执行拒绝服务攻击。或者,如果客户端信任,上传的证书可以用于中间者情景。
"This authentication bypass allows for a limited number of authenticated endpoints to be reached without authentication," Rapid7 said of the shortcoming.
Rapid7称这种身份验证绕过允许有限数量的已验证端点在没有身份验证的情况下访问。
"An unauthenticated attacker can leverage this vulnerability to both modify a limited number of system settings on the server, as well as disclose a limited amount of sensitive information from the server."
“未经身份验证的攻击者可以利用这个漏洞修改服务器上的有限数量的系统设置,并从服务器中披露有限数量的敏感信息。”
The development comes nearly a month after JetBrains released fixes to contain another flaw (CVE-2024-23917, CVSS score: 9.8) that could also enable an unauthenticated attacker to gain administrative control of TeamCity servers.
这一发展发生在JetBrains发布修复另一个漏洞(CVE-2024-23917,CVSS得分:9.8)以遏制可能使未经身份验证的攻击者获得对TeamCity服务器的管理控制的情况近一个月之后。
With security vulnerabilities in JetBrains TeamCity having come under active exploitation last year by North Korean and Russian threat actors, it's essential that users take steps to update their servers immediately.
由于去年朝鲜和俄罗斯威胁行为者对JetBrains TeamCity的安全漏洞进行了积极利用,用户必须立即采取措施更新他们的服务器。
参考资料
[1]https://thehackernews.com/2024/03/critical-jetbrains-teamcity-on-premises.html
原文始发于微信公众号(知机安全):JetBrains TeamCity安全漏洞:系统攻陷警示
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论