A brand new pair of security vulnerabilities have been disclosed in JetBrains TeamCity On-Premises software program that could possibly be exploited by a risk actor to take management of affected programs.
The issues, tracked as CVE-2024-27198 (CVSS rating: 9.8) and CVE-2024-27199 (CVSS rating: 7.3), have been addressed in model 2023.11.4. They impression all TeamCity On-Premises variations by 2023.11.3.
“The vulnerabilities might allow an unauthenticated attacker with HTTP(S) entry to a TeamCity server to bypass authentication checks and achieve administrative management of that TeamCity server,” JetBrains mentioned in an advisory launched Monday.
TeamCity Cloud cases have already been patched towards the 2 flaws. Cybersecurity agency Rapid7, which found and reported the problems on February 20, 2024, mentioned CVE-2024-27198 is a case of authentication bypass that permits for a whole compromise of a prone server by a distant unauthenticated attacker.
“Compromising a TeamCity server permits an attacker full management over all TeamCity initiatives, builds, brokers and artifacts, and as such is an appropriate vector to place an attacker to carry out a provide chain assault,” the corporate famous.
CVE-2024-27199, additionally an authentication bypass flaw, stems from a path traversal difficulty that may allow an unauthenticated attacker to exchange the HTTPS certificates in a susceptible TeamCity server with a certificates of their selecting through the “/app/https/settings/uploadCertificate” endpoint and even alter the port quantity the HTTPS service listens on.
A risk actor might leverage the vulnerability to carry out a denial-of-service towards the TeamCity server by both altering the HTTPS port quantity, or by importing a certificates that can fail client-side validation. Alternatively, the uploaded certificates could possibly be used for adversary-in-the-middle eventualities if it is trusted by the shoppers.
“This authentication bypass permits for a restricted variety of authenticated endpoints to be reached with out authentication,” Rapid7 mentioned of the shortcoming.
“An unauthenticated attacker can leverage this vulnerability to each modify a restricted variety of system settings on the server, in addition to disclose a restricted quantity of delicate info from the server.”
The event comes almost a month after JetBrains launched fixes to comprise one other flaw (CVE-2024-23917, CVSS rating: 9.8) that might additionally allow an unauthenticated attacker to achieve administrative management of TeamCity servers.
With security vulnerabilities in JetBrains TeamCity having come beneath lively exploitation final yr by North Korean and Russian risk actors, it is important that customers take steps to replace their servers instantly.
