
TeamCity hit by critical software supply chain bugs

JetBrains is advising immediate patching of two new vulnerabilities affecting its TeamCity software, a CI/CD pipeline tool, that may allow attackers to gain unauthenticated administrative access.

Tracked under CVE-2024-27198 and CVE-2024-27199, the critical bugs have already been fixed in TeamCity cloud servers, with an on-premises patch available in version 2023.11.4.

“The vulnerabilities might allow an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server,” JetBrains said in a blog post on the issue. “The vulnerabilities affect all TeamCity On-Premises versions through 2023.11.3.”

TeamCity is a widely used tool for managing CI/CD pipelines, the continuous process of building, deploying, and testing software code, adopted by a range of global brands including Tesla, McAfee, Samsung, Nvidia, HP, and Motorola.

Critical server-jacking bugs

The bugs were first reported to JetBrains by Rapid7 as two new critical TeamCity on-premises flaws that could allow attackers to gain administrative control of the TeamCity server. They were subsequently assigned high CVSS base scores of 9.8/10 (CVE-2024-27198) and 7.5/10 (CVE-2024-27199).


While both JetBrains and Rapid7 have yet to disclose the technical details of how exactly the vulnerabilities can be exploited, a full disclosure is expected shortly.
