CVE-2021-43200

9.8 CRITICAL

📋 TL;DR

This vulnerability in JetBrains TeamCity allows attackers to bypass permission checks in the Agent Push functionality, potentially enabling unauthorized code execution or system compromise. It affects all TeamCity installations before version 2021.1.2 that have the Agent Push feature enabled.

💻 Affected Systems

Products:
  • JetBrains TeamCity
Versions: All versions before 2021.1.2
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Agent Push functionality to be enabled, which is commonly used in TeamCity deployments.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through remote code execution, allowing attackers to deploy malicious agents, steal credentials, or pivot to other systems in the CI/CD pipeline.

🟠 Likely Case

Unauthorized deployment of malicious build agents, leading to code injection, credential theft, or disruption of CI/CD processes.

🟢 If Mitigated

Limited impact with proper network segmentation and strict access controls, potentially only allowing unauthorized agent registration without code execution.

🌐 Internet-Facing: HIGH - TeamCity instances exposed to the internet are directly vulnerable to exploitation attempts.
🏢 Internal Only: HIGH - Even internally accessible instances are vulnerable to insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires some level of access but bypasses permission checks, making it relatively straightforward for authenticated attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2021.1.2 or later

Vendor Advisory: https://blog.jetbrains.com/blog/2021/11/08/jetbrains-security-bulletin-q3-2021/

Restart Required: Yes

Instructions:

1. Back up TeamCity configuration and data.
2. Download TeamCity 2021.1.2 or later from the JetBrains website.
3. Stop the TeamCity server.
4. Install the new version following the JetBrains upgrade guide.
5. Restart the TeamCity server.
6. Verify functionality.

🔧 Temporary Workarounds

Disable Agent Push (all platforms)

Temporarily disable the vulnerable Agent Push functionality to prevent exploitation.

Navigate to Administration > Global Settings > Agent Push and disable the feature

Restrict Network Access (all platforms)

Limit TeamCity server access to trusted IP addresses only.

Configure firewall rules to restrict TeamCity ports (default 8111) to authorized networks

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate TeamCity from critical systems
  • Enforce multi-factor authentication and least privilege access controls for all TeamCity users

🔍 How to Verify

Check if Vulnerable:

Check TeamCity version in Administration > Global Settings. If version is below 2021.1.2, the system is vulnerable.

Check Version:

Check TeamCity web interface at Administration > Global Settings or examine teamcity-server.log for version information

Verify Fix Applied:

Verify TeamCity version is 2021.1.2 or higher in Administration > Global Settings and test Agent Push functionality with proper permissions.
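
The version comparison described above can be automated across several servers. The following is an added example, not code from JetBrains or from this page's source; the function names, hostnames and sample version strings are constructed for illustration, and the input is whatever version text you read from Administration > Global Settings or teamcity-server.log. It checks the version only, not whether Agent Push is enabled.

```python
import re

FIXED = (2021, 1, 2)  # first fixed release according to this page

# First dotted number of the form A.B or A.B.C that is not part of a longer one.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)(?:\.(\d+))?(?![\d.])")


def parse_version(text):
    """Return (a, b, c) for the first version token found in text.

    A missing third component ("2021.1") counts as 0. Raises ValueError when
    nothing parseable is present, so a bad read is never treated as patched.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    a, b, c = m.groups()
    return int(a), int(b), int(c or 0)


def is_vulnerable(text):
    """True when the version is below 2021.1.2.

    Tuples of ints are compared, so 2021.10.1 sorts above 2021.1.2 (a plain
    string comparison would get this wrong) and 10.0.5 sorts below it.
    """
    return parse_version(text) < FIXED


def audit(inventory):
    """Map each host to 'VULNERABLE', 'fixed' or 'unknown'."""
    result = {}
    for host, version_text in inventory.items():
        try:
            result[host] = "VULNERABLE" if is_vulnerable(version_text) else "fixed"
        except ValueError:
            result[host] = "unknown"  # needs a manual check
    return result


if __name__ == "__main__":
    # Constructed sample inventory; hosts and strings are illustrative only.
    sample = {
        "ci-01": "2021.1.1",
        "ci-02": "TeamCity 2021.1.2 (build 00000)",
        "ci-03": "2021.1",
        "ci-04": "version string unavailable",
    }
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```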

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized Agent Push attempts in teamcity-server.log
  • Unexpected agent registrations or deployments

Network Indicators:

  • Unusual network traffic to/from TeamCity agent ports
  • Suspicious agent communication patterns

SIEM Query:

source="teamcity-server.log" AND ("Agent Push" OR "unauthorized" OR "permission denied")
