CVE-2022-24331

9.8 CRITICAL

📋 TL;DR

This vulnerability in JetBrains TeamCity allows attackers to impersonate users through GitLab authentication flaws. It affects TeamCity instances using GitLab authentication before version 2021.1.4. Attackers could gain unauthorized access to CI/CD pipelines and sensitive build artifacts.

💻 Affected Systems

Products:
  • JetBrains TeamCity
Versions: All versions before 2021.1.4
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects instances configured with GitLab authentication

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of CI/CD pipelines, unauthorized code deployment, theft of source code and credentials, and lateral movement to connected systems.

🟠 Likely Case

Unauthorized access to build environments, code repository access, and potential injection of malicious code into production deployments.

🟢 If Mitigated

Limited impact with proper network segmentation, strong authentication controls, and monitoring in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires an understanding of the GitLab authentication flow and access to a vulnerable TeamCity instance.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2021.1.4 and later

Vendor Advisory: https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021/

Restart Required: Yes

Instructions:

1. Back up the TeamCity configuration and data.
2. Download TeamCity 2021.1.4 or later from the JetBrains website.
3. Stop the TeamCity service.
4. Install the updated version.
5. Restart the TeamCity service.
6. Verify authentication functionality.

🔧 Temporary Workarounds

Disable GitLab Authentication

Platforms: all

Temporarily disable GitLab authentication until patching can be completed

Edit TeamCity configuration to remove GitLab authentication provider

Network Restriction

Platforms: all

Restrict TeamCity access to trusted IP addresses only

Configure firewall rules to limit TeamCity access to authorized networks

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate TeamCity from production environments
  • Enable detailed authentication logging and implement real-time monitoring for suspicious authentication attempts

🔍 How to Verify

Check if Vulnerable:

Check TeamCity version in Administration → Server Administration → Server Configuration

Check Version:

Check TeamCity web interface or server logs for version information

Verify Fix Applied:

Verify version is 2021.1.4 or later and test GitLab authentication functionality

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication patterns from GitLab
  • Multiple failed authentication attempts followed by success
  • Authentication from unexpected IP addresses

Network Indicators:

  • Unusual traffic patterns to TeamCity authentication endpoints
  • Requests bypassing normal authentication flows

SIEM Query:

source="teamcity" AND (event_type="authentication" AND (result="failure" OR user_agent="GitLab")) | stats count by src_ip, user
