A new critical vulnerability in JetBrains allows hackers to hijack entire servers
Cybersecurity researchers recently discovered two very serious vulnerabilities in JetBrain’s TeamCity On-Premises software.
The software is described as a “powerful and easy-to-use Continuous Integration and Deployment server,” which developers can use to build, monitor, and run automated tests on servers before deploying changes. According to the Rapid7 experts who discovered them, the vulnerabilities could be used to completely take over vulnerable systems, conduct Distributed Denial of Service (DDoS) attacks, and more.
The first is tracked as CVE-2024-27198 and has a severity score of 9.8, making it critical. It is described as an authentication bypass, allowing unauthenticated remote attackers to completely take over the target servers: “Compromising a TeamCity server gives an attacker full control over all TeamCity projects, builds, agents, and artifacts, and is like such a suitable vector to position an attack.” attacker to conduct a supply chain attack,” the researchers warned.
The second flaw is tracked as CVE-2024-27199 and has a severity score of 7.3. This authentication bypass flaw can be used to launch DDoS attacks on the TeamCity server, as well as adversary attacks in the middle.
“This authentication bypass allows a limited number of authenticated endpoints to be reached without authentication,” Rapid7 said. “An unauthenticated attacker could exploit this vulnerability to both change a limited number of system settings on the server, and to disclose a limited amount of sensitive information from the server.”
All versions up to and including 2023.11.3 are said to be vulnerable. JetBrains released a patch earlier this month urging all users to upgrade their software to version 2023.11.4.
According to The hacker newsJetBrains TeamCity users have become a popular target among North Korean and Russian threat actors. Therefore, the company urged them to apply the patch without delay.