CVE-2024-36364
📋 TL;DR
This vulnerability in JetBrains TeamCity allows improper access control in Pull Requests and Commit status publisher build features. Attackers could potentially manipulate build processes or access sensitive information. Organizations using affected TeamCity versions are at risk.
💻 Affected Systems
- JetBrains TeamCity
📦 What is this software?
TeamCity by JetBrains
⚠️ Risk & Real-World Impact
Worst Case
Unauthorized users could modify build configurations, inject malicious code into CI/CD pipelines, or access sensitive repository information leading to supply chain compromise.
Likely Case
Internal users with limited permissions could escalate privileges to modify build features they shouldn't have access to, potentially disrupting development workflows.
If Mitigated
With proper network segmentation and strict access controls, impact would be limited to authorized users within the TeamCity environment.
🎯 Exploit Status
Exploitation requires some level of access to TeamCity and understanding of build feature configurations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2022.04.7, 2022.10.6, 2023.05.6, or 2023.11.5 depending on your version track
Vendor Advisory: https://www.jetbrains.com/privacy-security/issues-fixed/
Restart Required: Yes
Instructions:
1. Back up your TeamCity installation and database.
2. Download the appropriate patched version from the JetBrains website.
3. Stop the TeamCity service.
4. Install the update following the JetBrains upgrade guide.
5. Restart the TeamCity service.
6. Verify functionality.
🔧 Temporary Workarounds
Disable vulnerable build features
Temporarily disable the Pull Requests and Commit status publisher build features until patching can be completed
Navigate to Administration > Build Features in TeamCity web interface and disable affected features
Restrict access to build configurations
Tighten permissions on who can modify build configurations and features
Use TeamCity role-based access control to limit build configuration modifications to essential personnel only
🧯 If You Can't Patch
- Implement strict network segmentation to isolate TeamCity from production environments
- Enable detailed audit logging for all build feature modifications and regularly review logs
🔍 How to Verify
Check if Vulnerable:
Check the TeamCity version in Administration > Global Settings. If the version is below the fixed release for its track (2022.04.7, 2022.10.6, 2023.05.6, or 2023.11.5), you are vulnerable.
Check Version:
Check via web interface at Administration > Global Settings or via TeamCity REST API at /app/rest/server
Verify Fix Applied:
After patching, verify version shows 2022.04.7, 2022.10.6, 2023.05.6, or 2023.11.5 or later in Administration > Global Settings.
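The version check above is easy to get wrong by hand because the fixed build differs per release track (a 2022.10.5 install is vulnerable even though it is numerically "after" 2022.04.7). The following is an added example, not code from the advisory or from JetBrains: it parses the version string shown in Global Settings or returned by `/app/rest/server`, maps it to its track, and compares against the fixed builds listed above. The REST response layout (a `<server>` element with a `version` attribute) is assumed, and the sample XML is constructed; tracks older than 2022.04 are not covered by the advisory, so the check reports them as unknown rather than guessing.

```python
import re
import xml.etree.ElementTree as ET
from typing import Optional, Tuple

# Fixed builds per release track, as listed in the advisory above.
FIXED_VERSIONS = {
    (2022, 4): (2022, 4, 7),
    (2022, 10): (2022, 10, 6),
    (2023, 5): (2023, 5, 6),
    (2023, 11): (2023, 11, 5),
}

# Constructed sample of what GET /app/rest/server returns; the element and
# attribute names are an assumption for this example, not copied from the page.
SAMPLE_REST_XML = (
    '<server version="2023.05.4 (build 129421)" versionMajor="2023" '
    'versionMinor="5" buildNumber="129421"/>'
)


def parse_version(text: str) -> Tuple[int, ...]:
    """Extract the dotted numeric version from a TeamCity version string,
    e.g. '2023.05.4 (build 129421)' -> (2023, 5, 4)."""
    match = re.match(r"\s*(\d+(?:\.\d+)+)", text)
    if not match:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable(version_text: str) -> Optional[bool]:
    """True if the install is below the fixed build on its track, False if it
    is at/above the fix or on a release line newer than any in the advisory,
    None if the track is older than those the advisory lists."""
    version = parse_version(version_text)
    track = version[:2]
    if track in FIXED_VERSIONS:
        # Tuple comparison handles '2023.05' (no patch number) as below 2023.05.6.
        return version < FIXED_VERSIONS[track]
    if track > max(FIXED_VERSIONS):
        return False  # release line newer than 2023.11, i.e. "or later"
    return None  # older track: not covered by the advisory, decide manually


def version_from_rest_xml(xml_text: str) -> str:
    """Pull the version attribute out of the /app/rest/server response."""
    root = ET.fromstring(xml_text)
    if root.tag != "server" or "version" not in root.attrib:
        raise ValueError("unexpected REST response shape")
    return root.attrib["version"]


if __name__ == "__main__":
    for sample in ["2022.10.5", "2023.05.6", "2024.03.1", "2021.2.3"]:
        print(sample, "->", is_vulnerable(sample))
    print("REST sample ->", is_vulnerable(version_from_rest_xml(SAMPLE_REST_XML)))
```

To run it against a live server, fetch `/app/rest/server` with an authenticated request and pass the response body to `version_from_rest_xml`; the comparison logic is unchanged.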
📡 Detection & Monitoring
Log Indicators:
- Unauthorized modifications to build features
- Unexpected changes to Pull Request or Commit status configurations
- Failed authentication attempts followed by build feature changes
Network Indicators:
- Unusual API calls to build feature endpoints from unexpected IP addresses
SIEM Query:
source="teamcity" AND (event_type="build_feature_modified" OR event_type="permission_violation")
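The SIEM query above matches single events; two of the indicators listed (failed authentication followed by a build feature change, and feature changes from unexpected addresses) need correlation across events. The code below is an added example, not part of the advisory or of TeamCity: it runs those rules over a constructed set of events whose `event_type` values follow the query on the page. The field names (`ts`, `user`, `src_ip`, `feature`), the feature identifiers, the ten-minute window and the internal-network allowlist are all assumptions for this example.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterable, List

# Feature identifiers are assumed names for the two features the advisory covers.
AFFECTED_FEATURES = {"pullRequests", "commit-status-publisher"}

# Constructed sample events; not real TeamCity audit log output.
SAMPLE_EVENTS = [
    {"ts": "2024-06-01T10:00:01", "event_type": "auth_failed", "user": "alice", "src_ip": "10.0.0.5"},
    {"ts": "2024-06-01T10:00:09", "event_type": "auth_failed", "user": "alice", "src_ip": "10.0.0.5"},
    {"ts": "2024-06-01T10:00:40", "event_type": "build_feature_modified", "user": "alice",
     "src_ip": "10.0.0.5", "feature": "pullRequests"},
    {"ts": "2024-06-01T11:30:00", "event_type": "build_feature_modified", "user": "bob",
     "src_ip": "10.0.0.7", "feature": "commit-status-publisher"},
    {"ts": "2024-06-01T12:00:00", "event_type": "permission_violation", "user": "carol", "src_ip": "203.0.113.9"},
    {"ts": "2024-06-01T12:30:00", "event_type": "build_feature_modified", "user": "dave",
     "src_ip": "198.51.100.4", "feature": "commit-status-publisher"},
]


def detect(events: Iterable[dict], allowed_networks: Iterable[str],
           window: timedelta = timedelta(minutes=10), fail_threshold: int = 1) -> List[dict]:
    """Apply three rules and return one alert dict per hit:
    - permission_violation events are always reported;
    - a build_feature_modified preceded by >= fail_threshold auth_failed
      events for the same user inside `window`;
    - a change to an affected feature from an address outside the allowlist."""
    allowed = [ipaddress.ip_network(n) for n in allowed_networks]
    failures: Dict[str, List[datetime]] = defaultdict(list)
    alerts: List[dict] = []
    # ISO-8601 timestamps sort correctly as strings, so this orders events in time.
    for event in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(event["ts"])
        kind, user = event["event_type"], event["user"]
        if kind == "auth_failed":
            failures[user].append(ts)
        elif kind == "permission_violation":
            alerts.append({"rule": "permission_violation", "user": user, "ts": event["ts"]})
        elif kind == "build_feature_modified":
            recent = [t for t in failures[user] if ts - window <= t <= ts]
            if len(recent) >= fail_threshold:
                alerts.append({"rule": "auth_failures_then_feature_change", "user": user,
                               "ts": event["ts"], "failures": len(recent)})
            src = ipaddress.ip_address(event["src_ip"])
            if event.get("feature") in AFFECTED_FEATURES and not any(src in net for net in allowed):
                alerts.append({"rule": "affected_feature_changed_from_external_ip", "user": user,
                               "ts": event["ts"], "src_ip": event["src_ip"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS, ["10.0.0.0/8"]):
        print(alert)
```

The window and threshold are deliberately parameters: a short window with a threshold of one produces the conservative rule the indicator list describes, and tightening either reduces noise on busy servers without changing the logic.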