Authentication Bypass in JetBrains TeamCity Allows Admin Actions
Key Information
- Vendor
- Jetbrains
- Status
- Teamcity
- Vendor
- CVE Published:
- 4 March 2024
Badges
Summary
Two serious vulnerabilities, CVE-2024-27198 and CVE-2024-27199, have been discovered in the JetBrains TeamCity server. These vulnerabilities allow a remote, unauthenticated attacker to bypass authentication checks and gain administrative control of the server. The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-27198 to its Known Exploited Vulnerabilities Catalog, indicating evidence of active exploitation. The vulnerabilities affect all TeamCity on-premises versions through 2023.11.3 and have been fixed in version 2023.11.4. Exploitation code is readily available online, and attackers have already compromised over 1,440 instances. It is recommended for users to update or patch their instances to protect against active threats.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-27198 as being exploited and is known by the CISA as enabling ransomware campaigns.
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
TeamCity < 2023.11.4
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
JetBrains patches new TeamCity authentication bypass bugs
TeamCity servers risk being exposed to “complete compromise” if patch isn’t installed, researchers warned.
4 months ago
Трендовые уязвимости марта: обновляйтесь и импортозамещайтесь
Хабр, привет! Я Александр Леонов, и мы с командой аналитиков Positive Technologies каждый месяц изучаем информацию о недостатках безопасности из баз, бюллетеней безопасности вендоров, социальных...
7 months ago
PravinKarthik
Read all of the posts by PravinKarthik on TheCyberThrone
7 months ago
EPSS Score
97% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🔥
Vulnerability reached the number 1 worldwide trending spot.
Vulnerability started trending.
- 👾
Exploit exists.
First article discovered by Help Net Security
Vulnerability published.
Vulnerability Reserved.