CVE-2024-47950 in TeamCity
Summary
by MITRE • 10/08/2024
In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 03/08/2025
The vulnerability identified as CVE-2024-47950 represents a stored cross-site scripting flaw discovered in JetBrains TeamCity versions prior to 2024.07.3. This security weakness specifically affects the backup configuration settings functionality within the TeamCity continuous integration and deployment platform. The issue arises when user-supplied input containing malicious script code is stored within the system's backup configuration parameters and subsequently executed when the configuration is rendered to users. This allows attackers to inject persistent malicious scripts that can compromise user sessions and execute unauthorized actions on behalf of authenticated users.
The technical implementation of this vulnerability stems from insufficient input validation and output encoding within the backup configuration management interface. When administrators or users configure backup settings, the system fails to properly sanitize user-provided data before storing it in the database. The stored data is then retrieved and displayed without adequate HTML escaping or context-appropriate encoding, creating an environment where malicious JavaScript code can execute in the browser context of other users who view the affected backup configuration pages. This flaw operates under the Common Weakness Enumeration category CWE-79 which specifically addresses Cross-Site Scripting vulnerabilities, and aligns with ATT&CK technique T1531 which covers the use of malicious scripts for privilege escalation and data exfiltration.
The operational impact of this stored XSS vulnerability extends beyond simple script execution as it provides attackers with persistent access to the TeamCity environment. An attacker who successfully exploits this vulnerability can hijack user sessions, steal authentication tokens, modify backup configurations to redirect data to malicious servers, or even escalate privileges within the CI/CD pipeline. The vulnerability is particularly concerning in enterprise environments where TeamCity serves as a critical component of software development workflows, as it could enable attackers to compromise the integrity of build processes and potentially access sensitive source code repositories. The persistence of the vulnerability means that malicious scripts remain active until the affected configuration is manually removed or the system is updated, making it a long-term threat to organizational security.
Organizations utilizing JetBrains TeamCity should immediately upgrade to version 2024.07.3 or later to remediate this vulnerability. Additionally, administrators should implement network-level monitoring to detect unusual backup configuration changes and conduct regular security assessments of their CI/CD environments. The mitigation strategy should include input validation controls, output encoding mechanisms, and regular security training for administrators who manage backup configurations. Implementing web application firewalls and content security policies can provide additional defense-in-depth measures. Organizations should also review their backup configuration access controls to ensure only authorized personnel can modify these critical settings, reducing the attack surface for potential exploitation of this vulnerability.