cbcvebase.
CVE-2019-15039
published 2019-10-01

CVE-2019-15039: An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.

PriorityP266critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
12.93%
95.8th percentile
An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.

Affected

1 ranges
VendorProductVersion rangeFixed in
jetbrainsteamcity

Detection & IOCsextracted from sources · hover to see the quote

commandr.lookup("teamcity-mavenServer")
  • Monitor for RMI registry lookups of the name 'teamcity-mavenServer' from unexpected or external source IPs, which is the key RMI call made by the exploit to obtain the remote MavenServer object.
  • ·The vulnerability affects TeamCity 2018.2.4 and was fixed in TeamCity 2019.1; any instance still running 2018.2.4 (particularly on Windows) should be considered exploitable via unauthenticated Java RMI.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.