JetBrains has released TeamCity version 2023.11.4 on March 4 to address critical security vulnerabilities discovered by Rapid7 researcher Stephen Fewer.
Description
This release addresses a critical security vulnerability (CVE-2024-27198) that allows remote unauthenticated attackers to gain administrative control over servers [3]. Additionally, a security patch plugin has been included to address another vulnerability (CVE-2024-27199). These vulnerabilities have high CVSS base scores of 9.8 and 7.3 respectively. The first vulnerability is an authentication bypass that allows attackers to take over target servers [1], while the second flaw can be used for DDoS attacks and adversary-in-the-middle attacks [1]. Users are urged to urgently upgrade or install the security patch to prevent exploitation by threat actors, particularly from North Korea and Russia [1]. The vulnerabilities could lead to complete compromise of a vulnerable TeamCity server [5], including unauthenticated remote code execution [5]. Despite JetBrains’ initial decision not to disclose technical details until after patching, Rapid7 later published full details of the vulnerabilities [6]. The Shadowserver Foundation has reported exploitation activity for CVE-2024-27198 [2] [4]. Previous TeamCity vulnerabilities have been exploited by threat actors [2], including Russian nation-state actor Cozy Bear and North Korean threat actors [2]. TeamCity cloud servers have been patched [2], but on-premise installations remain vulnerable [3]. Users are advised to apply security patches or take servers offline if unable to update immediately [2]. Rapid7 has seen attempted exploitation but has not confirmed successful code execution [2].
Conclusion
The release of TeamCity version 2023.11.4 addresses critical security vulnerabilities that could lead to severe consequences if exploited by threat actors. Users are strongly advised to apply security patches promptly to mitigate the risk of compromise. The disclosure of these vulnerabilities highlights the importance of timely updates and proactive security measures to protect against potential threats in the future.
References
[1] https://www.techradar.com/pro/security/new-critical-jetbrains-security-flaw-could-let-hackers-hijack-entire-servers
[2] https://www.techtarget.com/searchSecurity/news/366572432/Critical-JetBrains-TeamCity-vulnerabilities-under-attack
[3] https://www.blackhatethicalhacking.com/news/critical-vulnerability-in-jetbrains-teamcity-exposes-servers-to-remote-takeover/
[4] https://www.helpnetsecurity.com/2024/03/04/cve-2024-27198-cve-2024-27199/
[5] https://www.infosecurity-magazine.com/news/teamcity-urged-patch-critical/
[6] https://blog.jetbrains.com/teamcity/2024/03/our-approach-addressing-recently-discovered-vulnerabilities-in-teamcity-on-premises/
