March 4, 2024 at 05:44PM
A critical vulnerability in JetBrains’ TeamCity On-Premises CI/CD solution (CVE-2024-27198) allows remote attackers to gain administrative control. Exploits are available, prompting urgent updates to the latest product version or installation of a security patch. Another vulnerability (CVE-2024-27199) permits unauthorized system settings modification. Administrators must prioritize addressing these issues. Rapid7 discovered and demonstrated the severity of the flaws. Update to TeamCity 2023.11.4 or install the security patch plugin.
Key points:
– A critical vulnerability (CVE-2024-27198) in the TeamCity On-Premises CI/CD solution from JetBrains allows remote unauthenticated attackers to take control of the server with administrative permissions.
– Full technical details to create an exploit for this vulnerability are available, so administrators are strongly recommended to prioritize addressing the issue by updating to the latest version of the product or installing a security patch plugin from the vendor.
– JetBrains released a new version of the product, which includes a fix for a second, less severe security issue (CVE-2024-27199) that allows modifying a limited number of system settings without authentication.
– Both issues are in the web component of TeamCity and impact all versions of on-premises installations.
– The vulnerabilities were discovered by Stephen Fewer, a principal security researcher at Rapid7, and reported to JetBrains in mid-February.
– Rapid7 demonstrated the severity of the critical vulnerability by creating an exploit that generated authentication and allowed them to get shell access on the target TeamCity server.
– Though less severe, the second vulnerability could be exploited for denial-of-service attacks or to eavesdrop on client connections from an adversary-in-the-middle position.
– JetBrains announced the release of TeamCity 2023.11.4, which addresses the two vulnerabilities, advising administrators to update their servers to this version. If that is not immediately possible, a security patch plugin is available. The cloud variant of the server has already been patched.
– On-premises installations of TeamCity that have not received the update are at risk, as adversaries are expected to start scanning for vulnerable servers exposed on the public internet and to attempt to obtain access with administrative privileges for supply-chain attacks.
It’s crucial to ensure that all administrators are promptly informed about the need to update to the latest version of TeamCity or install the security patch plugin to protect against these vulnerabilities.