Critical TeamCity Bugs Endanger Software Supply Chain

March 4, 2024 at 06:09PM

TeamCity’s cloud versions are already patched against new critical vulnerabilities, but on-premises deployments require immediate patching, warns the vendor. The platform, used by major organizations including Citibank and Nike, manages the software development CI/CD pipeline. The vulnerabilities (CVE-2024-27198 and CVE-2024-27199) could enable threat actors to bypass authentication and gain admin control. Rapid7 discovered and reported the flaws in February. The company urges prompt patching to prevent exploitation, emphasizing the criticality of vulnerability management and proactive threat detection strategies.

Key takeaways from the meeting notes are as follows:

1. The cloud-hosted version of the TeamCity CI/CD platform has already been updated to address the new critical vulnerabilities, but on-premises deployments require immediate patching.

2. The vulnerabilities (CVE-2024-27198 and CVE-2024-27199) could allow threat actors to bypass authentication and gain admin control of the victim’s TeamCity server.

3. Rapid7 reported the flaws in February and is expected to release full technical details soon, making it imperative for teams running on-premises versions up to and including 2023.11.3 to patch their systems promptly.

4. The vendor has released an updated TeamCity version, 2023.11.4, and offers a security patch plugin for teams unable to upgrade quickly.

5. Governments have warned about active exploitation of similar vulnerabilities by the Russian state-backed group APT29, emphasizing the risks to software supply chain security.

6. There has been a notable increase in both volume and complexity of software supply chain cyberattacks, highlighting the importance of prompt vulnerability management and proactive threat detection strategies.

These takeaways can be used to inform decision-making and action items related to the security and management of TeamCity deployments.