CISA warns on JetBrains TeamCity flaw that could allow hackers to generate admin accounts
TeamCity flaw was added to the KEV list
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a recently discovered JetBrains vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, saying it found evidence of active exploitation.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” the follow-up security advisory reads.
CISA further stated it added this flaw to the Binding Operational Directive (BOD) 22-01, a frequently updated list of vulnerabilities that are being actively used against Federal Civilian Executive Branch (FCEB) agencies - government agencies, essentially. BOD 22-01 also forces FCEB agencies to apply the latest patches and protect their endpoints against known vulnerabilities within a predetermined deadline.
A patch is available
The JetBrains flaw refers to a critical authentication bypass in the TeamCity On-Premises software, allowing unauthenticated attackers to fully take over target servers. It is tracked as CVE-2024-27198, and carries a severity score of 9.8, making it critical.
"Compromising a TeamCity server allows an attacker full control over all TeamCity projects, builds, agents and artifacts, and as such is a suitable vector to position an attacker to perform a supply chain attack," said security researchers from Rapid7, who first discovered the vulnerability and reported it to JetBrains earlier this month.
The company has since released a patch, through which it addressed a second vulnerability - CVE-2024-27199. This authentication bypass flaw could be used to run DDoS attacks against a TeamCity server, as well as adversary-in-the-middle attacks. It carries a severity score of 7.3.
"This authentication bypass allows for a limited number of authenticated endpoints to be reached without authentication," Rapid7 said. “An unauthenticated attacker can leverage this vulnerability to both modify a limited number of system settings on the server, as well as disclose a limited amount of sensitive information from the server."
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
All versions up to 2023.11.3 were said to be vulnerable. JetBrains urged all users to upgrade their software to version 2023.11.4.
JetBrains TeamCity users have reportedly become a popular target among North Korean and Russian threat actors, which is why the company urged them to apply the patch without delay.
More from TechRadar Pro
- New critical JetBrains security flaw could let hackers hijack entire servers
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.