CVE-2024-27198
The target TeamCity instance is vulnerable to CVE-2024-27198 due to its outdated version; 2023.05.4 (build 129421)
/Practice/Scrutiny/3-Exploitation/attachments/{C29BF0E3-9F34-4000-96AA-30F57B2A1222}.png)
A vulnerability classified as critical has been found in JetBrains TeamCity. Affected is an unknown code block. The manipulation with an unknown input leads to a authentication bypass vulnerability. CWE is classifying the issue as CWE-288. A product requires authentication, but the product has an alternate path or channel that does not require authentication. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:
Exploit
/Practice/Scrutiny/3-Exploitation/attachments/{D76C0807-8131-4155-A5BA-822670DDE7C3}.png)
Found an exploit online
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/scrutiny]
└─$ git clone https://github.com/W01fh4cker/CVE-2024-27198-RCE ; python3 -m venv CVE-2024-27198-RCE/.venv ; source CVE-2024-27198-RCE/.venv/bin/activate ; pip3 install requests urllib3 faker Downloaded and set up the exploit package