Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199)
JetBrains has fixed two critical security vulnerabilities affecting TeamCity On-Premises and is urging customers to patch them immediately.
"Rapid7 originally identified and reported these vulnerabilities to us and has chosen to adhere strictly to its own vulnerability disclosure policy. This means that their team will publish full technical details of these vulnerabilities and their replication steps within 24 hours of this notice," the company stated today.
TeamCity by JetBrains is a continuous integration and continuous delivery server. Vulnerabilities in it have lately been exploited by Russian and North Korean state-sponsored attackers.
"The vulnerabilities may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server," the company warns.
Customers are advised to upgrade to the fixed version or to apply the security patch plugin - compatible with all TeamCity versions - if they can't upgrade their servers to v2023.
"JetBrains' policy typically involves withholding technical details of vulnerabilities for a longer period of time after a release to ensure thorough mitigation; however, this accelerated timeline necessitates an immediate server upgrade or patching to prevent exploitation," the company added.
News URL
https://www.helpnetsecurity.com/2024/03/04/cve-2024-27198-cve-2024-27199/