CVE-2024-43809 in TeamCity
Summary
by MITRE • 08/16/2024
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 05/25/2026
The vulnerability in JetBrains TeamCity prior to version 2024.07.1 represents a reflected cross-site scripting flaw that could be exploited by remote attackers to execute malicious scripts within the context of a victim's browser. This issue specifically affected the agentPushPreset page, which is part of TeamCity's agent management functionality where users can configure agent push presets for automated agent deployment scenarios. The vulnerability stems from insufficient input validation and output encoding mechanisms within the web application's response handling for this particular page endpoint. When a user navigates to the agentPushPreset page with maliciously crafted parameters in the HTTP request, the application fails to properly sanitize the input data before including it in the HTML response, allowing attacker-controlled content to be executed in the victim's browser context. This reflected XSS vulnerability falls under CWE-79 which categorizes cross-site scripting flaws as weaknesses in input validation and output encoding. The operational impact of this vulnerability extends beyond simple script execution as it could enable attackers to steal session cookies, perform unauthorized actions on behalf of users, or redirect victims to malicious sites. Given that TeamCity serves as a continuous integration and deployment platform, successful exploitation could potentially compromise build processes, access sensitive configuration data, or provide attackers with elevated privileges within the CI/CD environment. The vulnerability aligns with ATT&CK technique T1566.001 which covers phishing with malicious attachments and links, as attackers could craft malicious URLs targeting the vulnerable page to trick users into executing the XSS payload. The reflected nature of this vulnerability means that the malicious payload must be delivered via an external link or message, making it particularly dangerous in environments where users frequently click on links or receive notifications from various sources. Organizations using TeamCity versions prior to 2024.07.1 should immediately implement the available security patch to mitigate this risk, as the vulnerability could be exploited in targeted attacks against developers or administrators who might inadvertently click on malicious links. The fix typically involves proper input validation and output encoding of user-supplied parameters within the agentPushPreset page to prevent malicious scripts from being executed in the browser context. Security teams should also consider implementing additional monitoring and logging around the affected page to detect potential exploitation attempts, while ensuring that all users are promptly updated on the security patch deployment to maintain system integrity and prevent unauthorized access to critical build infrastructure.