
CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting JetBrains TeamCity On-Premises software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

The vulnerability, tracked as CVE-2024-27198 (CVSS score: 9.8), refers to an authentication bypass bug that allows for a complete compromise of a susceptible server by a remote unauthenticated attacker.

It was addressed by JetBrains earlier this week alongside CVE-2024-27199 (CVSS score: 7.3), another moderate-severity authentication bypass flaw that allows for a “restricted quantity” of information disclosure and system modification.

“The vulnerabilities could allow an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server,” the company noted at the time.

Threat actors have been observed weaponizing the twin flaws to deliver Jasmin ransomware as well as create hundreds of rogue user accounts, according to CrowdStrike and LeakIX. The Shadowserver Foundation said it detected exploitation attempts starting from March 4, 2024.

Statistics shared by GreyNoise show that CVE-2024-27198 has come under broad exploitation from over a dozen unique IP addresses shortly after public disclosure of the flaw.

In light of active exploitation, users running on-premises versions of the software are advised to apply the updates as soon as possible to mitigate potential threats. Federal agencies are required to patch their instances by March 28, 2024.
