CISA warns of a JetBrains TeamCity flaw that allows hackers to generate administrator accounts
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a recently discovered JetBrains vulnerability to its Known Exploited Vulnerabilities (KEV) catalog and says it has found evidence of active exploitation.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” it continued in its security advisory.
CISA further stated that it has added this flaw to Binding Operational Directive (BOD) 22-01, a regularly updated list of vulnerabilities actively used against Federal Civilian Executive Branch (FCEB) agencies, essentially government agencies. BOD 22-01 also forces FCEB agencies to apply the latest patches and protect their endpoints against known vulnerabilities by a predetermined deadline.
A patch is available
The JetBrains flaw is a critical authentication bypass in the TeamCity On-Premises software that allows unauthenticated attackers to completely take over target servers. It is tracked as CVE-2024-27198 and has a severity score of 9.8, making it critical.
“Compromising a TeamCity server gives an attacker full control over all TeamCity projects, builds, agents and artifacts, and as such is a suitable vector to position an attacker to conduct a supply chain attack,” said security researchers at Rapid7, who first discovered the vulnerability and reported it to JetBrains earlier this month.
The company has since released a patch addressing a second vulnerability: CVE-2024-27199. This authentication bypass flaw can be used to conduct DDoS attacks on a TeamCity server, as well as adversary-in-the-middle attacks. It has a severity score of 7.3.
“This authentication bypass allows a limited number of authenticated endpoints to be reached without authentication,” Rapid7 said. “An unauthenticated attacker could leverage this vulnerability to both change a limited number of system settings on the server, and to disclose a limited amount of sensitive information from the server.”
All versions up to and including 2023.11.3 are said to be vulnerable. JetBrains has urged all users to upgrade their software to version 2023.11.4.
JetBrains TeamCity users have reportedly become a popular target among North Korean and Russian threat actors. Therefore, the company has urged them to apply the patch without delay.