The US Cybersecurity and Infrastructure Security Agency (CISA) added a recently discovered JetBrains vulnerability to its Catalog of Known Exploited Vulnerabilities (KEV), saying it found evidence of active exploitation.
“These types of vulnerabilities are frequent attack vectors for malicious cyberattacks and pose significant risks to the federal enterprise,” the follow-up security advisory reads.
CISA further stated that it added this flaw under Binding Operational Directive (BOD) 22-01, which covers a frequently updated list of vulnerabilities actively exploited against agencies of the Federal Civilian Executive Branch (FCEB), essentially federal government agencies. BOD 22-01 also requires FCEB agencies to apply the latest patches and protect their endpoints against these known vulnerabilities within a set deadline.
A patch is available
The JetBrains flaw refers to a critical authentication bypass in the TeamCity On-Premises software, allowing unauthenticated attackers to take full control of target servers. It is tracked as CVE-2024-27198 and has a severity score of 9.8, making it critical.
“Compromising a TeamCity server allows an attacker to have full control over all TeamCity projects, builds, agents and artifacts and, as such, is a suitable vector to position an attacker to conduct a supply chain attack,” said security researchers at Rapid7, who first discovered the vulnerability and reported it to JetBrains earlier this month.
Since then, the company has released a patch that also fixes a second vulnerability, CVE-2024-27199. This authentication bypass flaw could be used to mount DDoS attacks against a TeamCity server, as well as adversary-in-the-middle attacks. It has a severity score of 7.3.
“This authentication bypass allows a limited number of authenticated endpoints to be reached without authentication,” Rapid7 said. “An unauthenticated attacker can exploit this vulnerability to modify a limited number of system configurations on the server, as well as reveal a limited amount of sensitive server information.”
All versions up to and including 2023.11.3 are said to be vulnerable. JetBrains urged all users to update their software to version 2023.11.4.
JetBrains TeamCity users have reportedly become a popular target among North Korean and Russian threat actors, which is why the company urged them to apply the patch without delay.