CISA warns on JetBrains TeamCity flaw that could allow hackers to generate admin accounts

An image of security icons for a network encircling a digital blue earth.
(Image credit: Shutterstock) (Image credit: Shutterstock)

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a recently discovered JetBrains vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, saying it found evidence of active exploitation.

“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” the follow-up security advisory reads. 

CISA further stated it added this flaw to the Binding Operational Directive (BOD) 22-01, a frequently updated list of vulnerabilities that are being actively used against Federal Civilian Executive Branch (FCEB) agencies - government agencies, essentially. BOD 22-01 also forces FCEB agencies to apply the latest patches and protect their endpoints against known vulnerabilities within a predetermined deadline.

A patch is available

The JetBrains flaw refers to a critical authentication bypass in the TeamCity On-Premises software, allowing unauthenticated attackers to fully take over target servers. It is tracked as CVE-2024-27198, and carries a severity score of 9.8, making it critical.

"Compromising a TeamCity server allows an attacker full control over all TeamCity projects, builds, agents and artifacts, and as such is a suitable vector to position an attacker to perform a supply chain attack," said security researchers from Rapid7, who first discovered the vulnerability and reported it to JetBrains earlier this month.

The company has since released a patch, through which it addressed a second vulnerability - CVE-2024-27199. This authentication bypass flaw could be used to run DDoS attacks against a TeamCity server, as well as adversary-in-the-middle attacks. It carries a severity score of 7.3.

"This authentication bypass allows for a limited number of authenticated endpoints to be reached without authentication," Rapid7 said. “An unauthenticated attacker can leverage this vulnerability to both modify a limited number of system settings on the server, as well as disclose a limited amount of sensitive information from the server."

All versions up to 2023.11.3 were said to be vulnerable. JetBrains urged all users to upgrade their software to version 2023.11.4. 

JetBrains TeamCity users have reportedly become a popular target among North Korean and Russian threat actors, which is why the company urged them to apply the patch without delay.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
CISA tells agencies to patch BeyondTrust bug now
malware
US government warns federal agencies to patch dangerous Windows kernel bug
Representational image depecting cybersecurity protection
CISA says Oracle and Mitel have critical security flaws being exploited
A person at a laptop with a cybersecure lock symbol floating above it.
Hackers are still using old Ivanti bugs to break into networks
Avast cybersecurity
Hackers are hijacking government software to access sensitive servers
A close-up of an interent search bar with 'http://ww' visible
US government warns this popular CMS software has a worrying security flaw
Latest in Security
Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.
Microsoft warns about a new phishing campaign impersonating Booking.com
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Meta warns of worrying security flaw hitting open source type software
Data leak
Hacked Tata Technologies data leaked by ransomware gang
A close-up photo of an iPhone, with the App Store icon prominent in the center of the image.
Thousands of iOS apps found to expose user data and leak Stripe keys
China
Chinese hackers targeting Juniper Networks routers, so patch now
Google Chrome dark mode
Google updates Chrome extension rules to ban affiliate link injection without user action or benefit
Latest in News
NordicTrack Ultra 1
The new NordicTrack Ultra 1 treadmill looks like it was designed by an architect and costs $15,000
An Nvidia GeForce RTX 5070
Nvidia RTX 5080 stock is so barren that retailers are holding competitions where you can "win" the right to buy one for MSRP
Assassin's Creed Shadows
Ubisoft shareholder accuses publisher of 'misleading investors', plans protest outside Paris HQ
Google Gemini AI logo on a smartphone with Google background
I made an AI version of Bilbo Baggins using Goggle Gemini for free, and shared a pipe with him outside Bag End – here’s what you can now do with Gems
Nicole Kidman wears a blue blouse with her arms crossed.
Netflix might be renewing The Perfect Couple and Beauty in Black for season 2, but I don’t get why when it’s canceled shows with poorer ratings
The Russo brothers posing for a photograph and Herman carrying a Volkswagen camper van in The Electric State
'We're optimists': AI enthusiasts Joe and Anthony Russo defend its use in movies and TV shows, but admit there are 'very real dangers' around its application