CVE-2019-15039
published 2019-10-01CVE-2019-15039: An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.
PriorityP266critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
12.93%
95.8th percentile
An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jetbrains | teamcity | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for RMI registry lookups of the name 'teamcity-mavenServer' from unexpected or external source IPs, which is the key RMI call made by the exploit to obtain the remote MavenServer object. ↗
- ·The vulnerability affects TeamCity 2018.2.4 and was fixed in TeamCity 2019.1; any instance still running 2018.2.4 (particularly on Windows) should be considered exploitable via unauthenticated Java RMI. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/155874/JetBrains-TeamCity-2018.2.4-Remote-Code-Execution.htmlhttps://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/http://packetstormsecurity.com/files/155874/JetBrains-TeamCity-2018.2.4-Remote-Code-Execution.htmlhttps://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/
2019-10-01
Published