CVE-2024-36370

4.6 MEDIUM

📋 TL;DR

This stored cross-site scripting (XSS) vulnerability in JetBrains TeamCity allows attackers to inject malicious scripts into OAuth connection settings. When administrators view these settings, the scripts execute in their browser context. All TeamCity instances running vulnerable versions are affected.

💻 Affected Systems

Products:
  • JetBrains TeamCity
Versions: Before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires attacker to have permissions to modify OAuth connection settings.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Administrator account compromise leading to full TeamCity system takeover, data exfiltration, or deployment of malicious builds.

🟠

Likely Case

Session hijacking of administrators, credential theft, or unauthorized actions performed with admin privileges.

🟢

If Mitigated

Limited impact due to proper input validation and output encoding preventing script execution.

🌐 Internet-Facing: MEDIUM - Requires attacker to have access to TeamCity interface and ability to modify OAuth settings.
🏢 Internal Only: MEDIUM - Internal attackers with TeamCity access could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires authenticated access to TeamCity with permissions to modify OAuth settings.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 or later

Vendor Advisory: https://www.jetbrains.com/privacy-security/issues-fixed/

Restart Required: Yes

Instructions:

1. Back up TeamCity configuration and data.
2. Download the patched version from the JetBrains website.
3. Stop the TeamCity service.
4. Install the updated version.
5. Restart the TeamCity service.
6. Verify that the version has been updated.

🔧 Temporary Workarounds

Restrict OAuth Settings Access

all

Limit permissions to modify OAuth connection settings to trusted administrators only.

Content Security Policy

all

Implement strict Content Security Policy headers to mitigate XSS impact.

🧯 If You Can't Patch

  • Implement strict access controls on TeamCity administration interface
  • Monitor and audit all OAuth connection setting modifications

🔍 How to Verify

Check if Vulnerable:

Check TeamCity version in Administration → Server Administration → Global Settings

Check Version:

Check TeamCity web interface or server logs for version information

Verify Fix Applied:

Verify version is 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 or later

📡 Detection & Monitoring

Log Indicators:

  • Unusual modifications to OAuth connection settings
  • Multiple failed login attempts followed by OAuth changes

Network Indicators:

  • Suspicious requests to OAuth configuration endpoints
  • Unexpected external connections from TeamCity server

SIEM Query:

source="teamcity" AND (event="oauth_settings_modified" OR event="configuration_change")
