Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199)
JetBrains has fixed two critical security vulnerabilities affecting TeamCity On-Premises and is urging customers to patch them immediately.
"Rapid7 originally identified and reported these vulnerabilities to us and has chosen to adhere strictly to its own vulnerability disclosure policy. This means that their team will publish full technical details of these vulnerabilities and their replication steps within 24 hours of this notice," the company stated today.
TeamCity by JetBrains is a continuous integration and continuous delivery server, vulnerabilities in which have lately been exploited by Russian and North Korean state-sponsored attackers.
"The vulnerabilities may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server," the company warns.
Customers are advised to upgrade to the fixed version or to apply the security patch plugin - compatible with all TeamCity versions - if they can't upgrade their servers to v2023.
"JetBrains' policy typically involves withholding technical details of vulnerabilities for a longer period of time after a release to ensure thorough mitigation; however, this accelerated timeline necessitates an immediate server upgrade or patching to prevent exploitation," the company added.
News URL
https://www.helpnetsecurity.com/2024/03/04/cve-2024-27198-cve-2024-27199/