Critical Security Update Released for JetBrains TeamCity On-Premises

Summary

Exploitation of the two vulnerabilities could allow an attacker to gain administrative control of a TeamCity server


Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

JetBrains has released a critical security advisory addressing two authentication bypass vulnerabilities in the web component of TeamCity On-Premises.

  • CVE-2024-27198 is rated critical, with a CVSSv3 score of 9.8. A remote attacker could exploit this vulnerability to achieve unauthenticated remote code execution (RCE).
  • CVE-2024-27199 is rated high, with a CVSSv3 score of 7.3. A remote attacker could exploit this vulnerability to obtain limited information disclosure and system modification, including the ability to replace the HTTPS certificate with a malicious one.

TeamCity Cloud servers have already been updated.

Widespread exploitation reported

Widespread exploitation has been reported for CVE-2024-27198, with new user accounts created on compromised instances.

JetBrains states that it is imperative to update immediately. This product line has previously been targeted for exploitation by advanced persistent threat groups.

Proof-of-concept exploit code has been published by the company that disclosed the vulnerability to JetBrains. 

JetBrains strongly recommends that customers make any publicly accessible servers inaccessible until mitigation or remediation actions have been completed.


Threat updates

Date          Update
7 Mar 2024    Active widespread exploitation of CVE-2024-27198 reported

This Cyber Alert has been updated to reflect this change.


Remediation advice

Affected organisations are strongly encouraged to review the JetBrains security advisory for CVE-2024-27198 and CVE-2024-27199 and immediately mitigate or apply security updates.

JetBrains strongly recommends that customers make any publicly accessible servers inaccessible until mitigation or remediation actions have been completed.



Last edited: 7 March 2024 4:56 pm