Cybersecurity researchers recently discovered two high-severity vulnerabilities in JetBrains TeamCity On-Premises software.
The software is described as a “powerful and easy-to-use continuous integration and deployment server,” which developers can use to create, verify, and run automated tests on servers before making changes. The vulnerabilities, according to the Rapid7 experts who discovered them, could be used to completely take over vulnerable systems, launch distributed denial of service (DDoS) attacks, and more.
The first is tracked as CVE-2024-27198 and has a severity score of 9.8, making it critical. It is described as an authentication bypass, which allows unauthenticated remote attackers to take full control of target servers: “Compromising a TeamCity server allows an attacker to have full control over all TeamCity projects, builds, agents, and artifacts and, as such, is a suitable vector to position an attacker to conduct a supply chain attack,” the researchers warned.
The second flaw is tracked as CVE-2024-27199 and has a severity score of 7.3. This authentication bypass flaw can be used to mount DDoS attacks against the TeamCity server as well as adversary-in-the-middle attacks.
“This authentication bypass allows a limited number of authenticated endpoints to be reached without authentication,” Rapid7 said. “An unauthenticated attacker can exploit this vulnerability to modify a limited number of system configurations on the server, as well as reveal a limited amount of sensitive server information.”
All versions up to 2023.11.3 were said to be vulnerable. JetBrains released a patch earlier this month and urged all users to update their software to version 2023.11.4.
According to The Hacker News, JetBrains TeamCity users have become a popular target among North Korean and Russian threat actors, so the company urged them to apply the patch without delay.