CVE-2024-47949

4.9 MEDIUM

📋 TL;DR

This CVE describes a path traversal vulnerability in JetBrains TeamCity that allows attackers to write backup files to arbitrary locations on the server. Attackers could potentially overwrite critical system files or deploy malicious content. All TeamCity instances running versions before 2024.07.3 are affected.

💻 Affected Systems

Products:
  • JetBrains TeamCity
Versions: All versions before 2024.07.3
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All TeamCity installations with backup functionality enabled are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through overwriting critical system files, installation of persistent backdoors, or denial of service by corrupting essential files.

🟠 Likely Case

Unauthorized file writes to TeamCity directories, potentially enabling privilege escalation or data manipulation within the TeamCity environment.

🟢 If Mitigated

Limited impact with proper file permission restrictions and network segmentation preventing access to critical system files.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authentication to TeamCity to exploit the backup functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2024.07.3

Vendor Advisory: https://www.jetbrains.com/privacy-security/issues-fixed/

Restart Required: Yes

Instructions:

1. Download TeamCity 2024.07.3 from the JetBrains website.
2. Stop the TeamCity service.
3. Back up your current installation.
4. Install the new version.
5. Restart the TeamCity service.

🔧 Temporary Workarounds

Restrict backup file locations

all

Configure TeamCity to only allow backup writes to specific, controlled directories

Modify TeamCity configuration to set restricted backup paths

Disable backup functionality

all

Temporarily disable TeamCity backup features until patching can be completed

Disable backup-related permissions in TeamCity administration

🧯 If You Can't Patch

  • Implement strict file system permissions to prevent TeamCity from writing outside designated directories
  • Deploy network segmentation to isolate TeamCity servers from critical infrastructure

🔍 How to Verify

Check if Vulnerable:

Check TeamCity version in Administration → Server Administration → Server Health → Version

Check Version:

Check TeamCity web interface at Administration → Server Administration → Server Health

Verify Fix Applied:

Verify version is 2024.07.3 or later in the same location

📡 Detection & Monitoring

Log Indicators:

  • Unusual backup operations
  • File write attempts to unexpected locations
  • Failed path validation errors

Network Indicators:

  • Unusual backup-related API calls
  • Suspicious file transfer patterns

SIEM Query:

source="teamcity" AND (event_type="backup" OR file_write) AND path NOT CONTAINS "/expected/backup/path/"
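
The query above is a substring match, so a path that contains the expected prefix followed by `..` segments is not flagged. The following is an added example, not part of the original advisory or TeamCity's code, that normalises each logged path before comparing it to the allowed directory; the key=value log format, the field names and `ALLOWED_BACKUP_DIR` are assumptions carried over from the query's placeholders, and paths are assumed to be POSIX-style.

```python
import posixpath

# Assumption: placeholder directory taken from the query above.
ALLOWED_BACKUP_DIR = "/expected/backup/path"


def is_inside(path, base=ALLOWED_BACKUP_DIR):
    """True if path, after lexical normalisation, is base or below it."""
    if not posixpath.isabs(path):
        path = posixpath.join(base, path)  # relative names resolve against base
    norm = posixpath.normpath(path)        # collapses "." and ".." segments
    base = posixpath.normpath(base)
    # Compare on a component boundary so "/expected/backup/pathology" fails.
    return norm == base or norm.startswith(base + "/")


def parse_event(line):
    """Parse one constructed key=value log line into a dict."""
    return dict(f.split("=", 1) for f in line.split() if "=" in f)


def suspicious_backup_writes(lines):
    """Return backup events whose normalised path leaves the allowed dir."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("event_type") != "backup" or "path" not in ev:
            continue
        if not is_inside(ev["path"]):
            hits.append(ev)
    return hits


# Constructed sample events; this is not TeamCity's real log format.
SAMPLE = [
    "ts=2024-10-01T02:00:00Z event_type=backup user=admin "
    "path=/expected/backup/path/TeamCity_Backup_20241001.zip",
    "ts=2024-10-01T02:05:00Z event_type=backup user=svc "
    "path=/expected/backup/path/../../../opt/app/conf/settings.zip",
    "ts=2024-10-01T02:06:00Z event_type=backup user=svc path=/var/tmp/out.zip",
    "ts=2024-10-01T02:07:00Z event_type=login user=admin",
]

if __name__ == "__main__":
    for ev in suspicious_backup_writes(SAMPLE):
        print("backup written outside allowed dir:", ev["user"], ev["path"])
```

The check is lexical only: it does not resolve symlinks, so it suits log review rather than enforcement on the server itself.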
