New Vulnerabilities in JetBrains TeamCity Pose Severe Risks
In the evolving landscape of cybersecurity, two newly discovered vulnerabilities present stark reminders of the persistent threats facing software infrastructure. Rapid7’s research team has identified critical security issues in JetBrains TeamCity On-Premises, which could allow attackers with HTTP(S) access to take control. The vulnerabilities, cataloged as **CVE-2024-27198** and **CVE-2024-27199**, strike at the heart of system security by enabling remote attackers to bypass authentication checks.
**CVE-2024-27198** poses a severe risk with a CVSS score of 9.8, potentially leading to a full server compromise. This flaw arises from an alternative path issue that gives attackers unauthorized control over the project and server settings. **CVE-2024-27199**, with a CVSS score of 7.3, permits more limited information disclosure but can still significantly impact system integrity by allowing HTTPS certificate replacements or changes to the service port number.
JetBrains has reacted swiftly, releasing an updated version 2023.11.4 on March 3, 2024, which addresses these vulnerabilities. The TeamCity Cloud instances were secured upon discovering the flaws. Additional resources, including a security patch plugin, have been made available for older versions of the software. With the technical details soon to be disclosed by Rapid7, it is imperative that all TeamCity On-Premises administrators undertake immediate server updates to prevent exploitation. Full technical disclosure of these vulnerabilities is expected within 24 hours, as announced by Rapid7 on their blog.
These advisories follow a string of prior incidents in 2023 where TeamCity vulnerabilities were exploited. It underscores a broader industry concern: continuous vigilance and proactive updating are essential in safeguarding against cyber threats. Users and administrators are urged to consult the security notes published by JetBrains and implement the offered patches without delay. The discovery process outlines the critical interaction between security researchers and software providers in ensuring responsible vulnerability disclosure and user protection.
Rapid7’s in-depth analysis of CVE-2024-27198 details the conditions required for exploitation, notably during certain HTTP(S) requests. As the parameters of this exploit become known, the potential for further attacks grows if proper remediation steps are not taken. CVE-2024-27199’s exploitation revolves around the vulnerability of certain paths to path traversal, providing another avenue for attackers to penetrate the system’s defenses.
Timely updates to the affected TeamCity servers are paramount. The updates reign in the threat and fortify the servers against these dangerous vulnerabilities. TeamCity Support remains on hand to assist customers throughout this process. Cybersecurity is not a static defense but an ongoing battle. These corrective measures are not just remediation—they are a call to remain one step ahead in the cybersecurity arms race.
**For those seeking additional information or assistance, consult with the JetBrains [security blog](https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/) or reach out directly to [TeamCity Support](https://www.jetbrains.com/support/).**
If you enjoyed this article, please check out our other articles on CyberNow