Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.TEAMCITY_2023_11_2.NASL
HistoryFeb 09, 2024 - 12:00 a.m.

TeamCity Server < 2023.11.2 Multiple Vulnerabilities

2024-02-0900:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
teamcity
vulnerabilities
access control
xss
directory traversal
jetbrains
s3 artifact storage
kotlin dsl

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

4.8 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.8%

JSON

According to its its self-reported version number, the version of JetBrains TeamCity running on the remote host is a version prior to 2023.11.2. It is, therefore, affected by multiple vulnerabilities:

  • Access control at the S3 Artifact Storage plugin endpoint was missed (CVE-2024-24936)

  • Stored XSS via agent distribution was possible (CVE-2024-24937)

  • Limited directory traversal was possible in the Kotlin DSL documentation (CVE-2024-24938)

Note that Nessus did not actually test for these issues, but instead has relied on the version found in the server’s banner.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(190348);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/18");

  script_cve_id("CVE-2024-24936", "CVE-2024-24937", "CVE-2024-24938");
  script_xref(name:"IAVA", value:"2024-A-0334");
  script_xref(name:"IAVA", value:"2024-A-0069-S");

  script_name(english:"TeamCity Server < 2023.11.2 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its its self-reported version number, the version of JetBrains TeamCity running on the
remote host is a version prior to 2023.11.2. It is, therefore, affected by
multiple vulnerabilities:

  - Access control at the S3 Artifact Storage plugin endpoint was missed (CVE-2024-24936)

  - Stored XSS via agent distribution was possible (CVE-2024-24937)

  - Limited directory traversal was possible in the Kotlin DSL documentation (CVE-2024-24938)

Note that Nessus did not actually test for these issues, but instead
has relied on the version found in the server's banner.");
  # https://www.jetbrains.com/privacy-security/issues-fixed/?product=TeamCity
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?48be73f6");
  script_set_attribute(attribute:"solution", value:
"Upgrade to JetBrains TeamCity version 2023.11.2 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-24937");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/02/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/02/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/02/09");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:jetbrains:teamcity");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("jetbrains_teamcity_web_detect.nbin");
  script_require_keys("installed_sw/JetBrains TeamCity");
  script_require_ports("Services/www", 80, 443);

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

var port = get_http_port(default:80);

var app_info = vcf::get_app_info(app:'JetBrains TeamCity', port:port, webapp:TRUE);

var constraints = [
  { 'fixed_version' : '2023.11.2' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, flags:{xss:TRUE});
VendorProductVersionCPE
jetbrainsteamcitycpe:/a:jetbrains:teamcity

Related

cve 3
prion 3
cvelist 3
nvd 3
cve
cve
CVE-2024-24937
2024-02-06 10:15:09
CVE-2024-24938
2024-02-06 10:15:10
CVE-2024-24936
2024-02-06 10:15:09
prion
prion
Cross site scripting
2024-02-06 10:15:00
Directory traversal
2024-02-06 10:15:00
Code injection
2024-02-06 10:15:00
cvelist
cvelist
CVE-2024-24937
2024-02-06 09:21:28
CVE-2024-24938
2024-02-06 09:21:29
CVE-2024-24936
2024-02-06 09:21:27
nvd
nvd
CVE-2024-24938
2024-02-06 10:15:10
CVE-2024-24936
2024-02-06 10:15:09
CVE-2024-24937
2024-02-06 10:15:09

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

4.8 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.8%

JSON
Related for TEAMCITY_2023_11_2.NASL
cve3prion3cvelist3nvd3