automatic module_metadata_base.json update
This commit is contained in:
parent
55dd5aa9c0
commit
d2c19efeac
|
@ -101168,6 +101168,70 @@
|
|||
"session_types": false,
|
||||
"needs_cleanup": null
|
||||
},
|
||||
"exploit_multi/http/jetbrains_teamcity_rce_cve_2024_27198": {
|
||||
"name": "JetBrains TeamCity Unauthenticated Remote Code Execution",
|
||||
"fullname": "exploit/multi/http/jetbrains_teamcity_rce_cve_2024_27198",
|
||||
"aliases": [
|
||||
|
||||
],
|
||||
"rank": 600,
|
||||
"disclosure_date": "2024-03-04",
|
||||
"type": "exploit",
|
||||
"author": [
|
||||
"sfewer-r7"
|
||||
],
|
||||
"description": "This module exploits an authentication bypass vulnerability in JetBrains TeamCity. An unauthenticated\n attacker can leverage this to access the REST API and create a new administrator access token. This token\n can be used to upload a plugin which contains a Metasploit payload, allowing the attacker to achieve\n unauthenticated RCE on the target TeamCity server. On older versions of TeamCity, access tokens do not exist\n so the exploit will instead create a new administrator account before uploading a plugin. Older version of\n TeamCity have a debug endpoint (/app/rest/debug/process) that allows for arbitrary commands to be executed,\n however recent version of TeamCity no longer ship this endpoint, hence why a plugin is leveraged for code\n execution instead, as this is supported on all versions tested.",
|
||||
"references": [
|
||||
"CVE-2024-27198",
|
||||
"URL-https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/",
|
||||
"URL-https://blog.jetbrains.com/teamcity/2024/03/teamcity-2023-11-4-is-out/"
|
||||
],
|
||||
"platform": "Java,Linux,Unix,Windows",
|
||||
"arch": "java, cmd",
|
||||
"rport": 8111,
|
||||
"autofilter_ports": [
|
||||
80,
|
||||
8080,
|
||||
443,
|
||||
8000,
|
||||
8888,
|
||||
8880,
|
||||
8008,
|
||||
3000,
|
||||
8443
|
||||
],
|
||||
"autofilter_services": [
|
||||
"http",
|
||||
"https"
|
||||
],
|
||||
"targets": [
|
||||
"Java",
|
||||
"Java Server Page",
|
||||
"Windows Command",
|
||||
"Linux Command",
|
||||
"Unix Command"
|
||||
],
|
||||
"mod_time": "2024-03-13 09:58:51 +0000",
|
||||
"path": "/modules/exploits/multi/http/jetbrains_teamcity_rce_cve_2024_27198.rb",
|
||||
"is_install_path": true,
|
||||
"ref_name": "multi/http/jetbrains_teamcity_rce_cve_2024_27198",
|
||||
"check": true,
|
||||
"post_auth": false,
|
||||
"default_credential": false,
|
||||
"notes": {
|
||||
"Stability": [
|
||||
"crash-safe"
|
||||
],
|
||||
"Reliability": [
|
||||
"repeatable-session"
|
||||
],
|
||||
"SideEffects": [
|
||||
"ioc-in-logs"
|
||||
]
|
||||
},
|
||||
"session_types": false,
|
||||
"needs_cleanup": true
|
||||
},
|
||||
"exploit_multi/http/jira_hipchat_template": {
|
||||
"name": "Atlassian HipChat for Jira Plugin Velocity Template Injection",
|
||||
"fullname": "exploit/multi/http/jira_hipchat_template",
|
||||
|
|
Loading…
Reference in New Issue