OVERVIEW

A critical authentication bypass vulnerability (CVE-2024-27198 – CVSS 9.8) has been found in JetBrains TeamCity CI/CD servers. It allows remote, unauthenticated attackers to gain administrative privileges over vulnerable TeamCity On-Premises servers.

Additionally, a second, less severe vulnerability (CVE-2024-27199 – CVSS 7.3) has been identified. This flaw allows attackers to bypass authentication and modify a limited number of system settings. While not as critical as CVE-2024-27198, it is still a significant risk, particularly for denial-of-service attacks or interception of client connections.

According to Rapid7, the cybersecurity researchers responsible for identifying the bugs, the two vulnerabilities could allow an attacker to take control of all TeamCity projects, builds, agents, and artifacts, and position the attacker to perform a supply chain attack. Rapid7 also published full technical details of the vulnerabilities, as well as replication steps.

JetBrains has issued updates for CVE-2024-27198 and CVE-2024-27199. Administrators should patch TeamCity installations to the latest version immediately, as the vulnerabilities are now being exploited by attackers.  

 

 

AVERTIUM'S RECOMMENDATIONS

  • Avertium recommends that administrators patch their TeamCity installations to the latest version (2023.11.4) or apply the provided security patch plugin from JetBrains.
  • Administrators who cannot patch their servers immediately should temporarily take them offline until proper mitigation measures can be implemented.
  • Please see JetBrains’ advisory for patch guidance and mitigation steps.

 

 

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with the above vulnerabilities. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.

 

 

HOW AVERTIUM IS PROTECTING OUR CUSTOMERS

  • Fusion MXDR is the first MDR offering that fuses together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts.
  • Avertium aligns your Cybersecurity Strategy with your business strategy, ensuring that your investment in security is also an investment in your business. Our Cybersecurity Strategy service includes:  
    • Strategic Security Assessments - Strengthening your security posture begins with knowing where your current program stands (NIST CSF, Security Architecture, Business Impact Analysis, Sensitive Data Inventory, Network Virtualization and Cloud Assessment). 
    • Threat Mapping – Leverage Avertium’s Cyber Threat Intelligence, getting a more informed view of your most likely attack scenarios (Threat Assessment and MITRE ATT&CK). 
    • Cyber Maturity Roadmap - Embrace a comprehensive, quantifiable, and well-organized approach to establishing and continuously enhancing your cybersecurity resilience (Policy + Procedure Development, Virtual CISO (VCISO), Training + Enablement, Tabletop Exercises, and Business Continuity + Disaster Recovery Plan).





 

SUPPORTING DOCUMENTATION

Additional Critical Security Issues Affecting TeamCity On-Premises (CVE-2024-27198 and CVE-2024-27199) – Update to 2023.11.4 Now | The TeamCity Blog (jetbrains.com) 

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199) - Help Net Security 

Exploit available for new critical TeamCity auth bypass bug, patch now (bleepingcomputer.com) 

CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED) | Rapid7 Blog 

 
