CVE-2024-36378
📋 TL;DR
JetBrains TeamCity servers before version 2024.03.2 are vulnerable to denial-of-service attacks when receiving malformed authentication tokens. This vulnerability allows attackers to crash or degrade server performance, affecting all organizations running vulnerable TeamCity instances.
💻 Affected Systems
- JetBrains TeamCity
📦 What is this software?
TeamCity, the CI/CD server by JetBrains
⚠️ Risk & Real-World Impact
Worst Case
Complete service outage where TeamCity becomes unresponsive, disrupting CI/CD pipelines and development workflows.
Likely Case
Service degradation with intermittent availability issues affecting build processes and developer productivity.
If Mitigated
Minimal impact with proper network controls and monitoring in place to detect and block attack attempts.
🎯 Exploit Status
The vulnerability requires sending malformed authentication tokens, which can be done without valid credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2024.03.2
Vendor Advisory: https://www.jetbrains.com/privacy-security/issues-fixed/
Restart Required: Yes
Instructions:
1. Back up the TeamCity configuration and data.
2. Download TeamCity 2024.03.2 or later from the JetBrains website.
3. Stop the TeamCity service.
4. Install the updated version.
5. Restart the TeamCity service.
6. Verify functionality.
🔧 Temporary Workarounds
Network Access Control
Restrict access to the TeamCity port (default 8111) to trusted IP addresses only. Example iptables rules (replace trusted_ip_range with your own address range; order matters, the ACCEPT rule must precede the DROP rule):
iptables -A INPUT -p tcp --dport 8111 -s trusted_ip_range -j ACCEPT
iptables -A INPUT -p tcp --dport 8111 -j DROP
Reverse Proxy Rate Limiting
Configure rate limiting on the reverse proxy to limit authentication attempts. nginx example (the zone is keyed on the client address, so the limit applies per source IP):
In the http block: limit_req_zone $binary_remote_addr zone=auth:10m rate=10r/m;
In the location block that proxies TeamCity: limit_req zone=auth burst=20 nodelay;
🧯 If You Can't Patch
- Implement strict network segmentation to isolate TeamCity from untrusted networks
- Deploy WAF or IPS with DoS protection rules in front of TeamCity
🔍 How to Verify
Check if Vulnerable:
Check TeamCity version in Administration → Server Administration → Server Health → Version
Check Version:
Check TeamCity web interface at /admin/admin.html?item=diagnostics&tab=version or examine teamcity-server.log for version information
Verify Fix Applied:
Verify version is 2024.03.2 or later in Administration → Server Administration → Server Health → Version
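The version comparison above is easy to get wrong by hand (2024.03.10 sorts after 2024.03.2, and 2024.03 means 2024.03.0). The following is an added example, not JetBrains' code, that turns the advisory's threshold into a repeatable check; it assumes the version string begins with a dotted numeric version as shown in the version page or log, and the sample strings in it are constructed.

```python
"""Check a TeamCity version string against the fixed version for CVE-2024-36378.

Added example, not part of the advisory or of JetBrains' tooling. Assumes the
version text starts with (or contains first) a dotted numeric version such as
"2024.03.2", optionally followed by other text.
"""
import re

# Fixed version as stated in the advisory.
FIXED_VERSION = "2024.03.2"

VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)")


def parse_version(text):
    """Return the first dotted numeric version in `text` as a tuple of ints.

    Missing trailing components count as 0, so "2024.03" compares equal to
    "2024.03.0" and below "2024.03.2".
    """
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_vulnerable(version_text, fixed=FIXED_VERSION):
    """True when the reported version is older than the fixed version."""
    return parse_version(version_text) < parse_version(fixed)


if __name__ == "__main__":
    # Constructed sample strings, not real server output.
    for sample in ("2024.03.1", "2024.03.2", "2024.03.10", "2024.07",
                   "TeamCity 2023.11.4 (build 123456)"):
        state = "VULNERABLE" if is_vulnerable(sample) else "fixed"
        print(f"{sample!r:40} -> {state}")
```

Feed it the version string copied from the Server Health page or from teamcity-server.log; a result of VULNERABLE means the upgrade has not been applied.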
📡 Detection & Monitoring
Log Indicators:
- Multiple authentication failures with malformed tokens
- TeamCity service crashes or restarts
- High CPU/memory usage spikes
Network Indicators:
- Unusual volume of authentication requests
- Requests with malformed Authorization headers
- Traffic patterns suggesting DoS attempts
SIEM Query:
source="teamcity.log" AND ("authentication error" OR "malformed token" OR "service restart")
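The log indicators above ("multiple authentication failures with malformed tokens") are a rate, not a single string, so a SIEM query on its own will also match a developer who mistyped a token once. The script below is an added example, not part of the advisory or of JetBrains' tooling, that applies a per-source sliding window to the same indicator. The log line layout, the "remote address" wording and the sample lines are constructed for illustration; match the regular expressions against the real teamcity-server.log format on your server before using it.

```python
"""Flag bursts of malformed-token authentication failures per source address.

Added example, not JetBrains' code. The line layout
  [timestamp] LEVEL - category - message ... remote address <ip>
and the sample lines are constructed assumptions; adjust LINE_RE and IP_RE
to the real teamcity-server.log format.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one source sends five bad tokens within seconds,
# another fails once (a typo, not an attack), then the first source returns later.
SAMPLE_LOG = """\
[2024-05-20 10:00:01,120] WARN - jetbrains.buildServer.AUTH - Authentication error: malformed token, remote address 203.0.113.10
[2024-05-20 10:00:01,340] WARN - jetbrains.buildServer.AUTH - Authentication error: malformed token, remote address 203.0.113.10
[2024-05-20 10:00:02,010] WARN - jetbrains.buildServer.AUTH - Authentication error: malformed token, remote address 203.0.113.10
[2024-05-20 10:00:02,500] WARN - jetbrains.buildServer.AUTH - Authentication error: malformed token, remote address 203.0.113.10
[2024-05-20 10:00:03,800] WARN - jetbrains.buildServer.AUTH - Authentication error: malformed token, remote address 203.0.113.10
[2024-05-20 10:00:05,000] INFO - jetbrains.buildServer.SERVER - User 'alice' logged in, remote address 198.51.100.7
[2024-05-20 10:03:00,000] WARN - jetbrains.buildServer.AUTH - Authentication error: malformed token, remote address 198.51.100.7
[2024-05-20 10:15:00,000] WARN - jetbrains.buildServer.AUTH - Authentication error: malformed token, remote address 203.0.113.10
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+\] "
    r"(?P<level>\w+) - (?P<cat>\S+) - (?P<msg>.*)$"
)
IP_RE = re.compile(r"remote address (?P<ip>\d{1,3}(?:\.\d{1,3}){3})")
TS_FMT = "%Y-%m-%d %H:%M:%S"


def parse_malformed_token_events(text):
    """Return a list of (timestamp, source_ip) for each malformed-token failure."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a log line in the assumed layout
        msg = m.group("msg").lower()
        if "authentication error" not in msg or "malformed token" not in msg:
            continue
        ip = IP_RE.search(msg)
        if not ip:
            continue
        events.append((datetime.strptime(m.group("ts"), TS_FMT), ip.group("ip")))
    return events


def find_bursts(events, threshold=5, window=timedelta(seconds=60)):
    """Sliding window per source: flag a source once `threshold` failures fall
    inside `window`. Returns {ip: start of the first offending window}."""
    by_ip = defaultdict(list)
    for ts, ip in events:
        by_ip[ip].append(ts)
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1  # slide the window forward
            if end - start + 1 >= threshold:
                flagged[ip] = stamps[start]
                break
    return flagged


def scan(text, threshold=5, window_seconds=60):
    """Parse `text` and return the flagged sources (see find_bursts)."""
    return find_bursts(parse_malformed_token_events(text),
                       threshold, timedelta(seconds=window_seconds))


if __name__ == "__main__":
    for ip, since in scan(SAMPLE_LOG).items():
        print(f"ALERT: {ip} sent 5+ malformed tokens within 60s starting {since}")
```

Tune threshold and window_seconds to the normal failure rate of your instance; a flagged source is a candidate for the reverse-proxy rate limit or firewall rule from the workarounds section, and a burst coinciding with the CPU/memory spikes or restarts listed above is the signal this advisory is about.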