A brand new pair of safety vulnerabilities have been disclosed in JetBrains TeamCity On-Premises software program that could possibly be exploited by a risk actor to take management of affected methods.
The failings, tracked as CVE-2024-27198 (CVSS rating: 9.8) and CVE-2024-27199 (CVSS rating: 7.3), have been addressed in model 2023.11.4. They affect all TeamCity On-Premises variations by 2023.11.3.
“The vulnerabilities could allow an unauthenticated attacker with HTTP(S) entry to a TeamCity server to bypass authentication checks and acquire administrative management of that TeamCity server,” JetBrains stated in an advisory launched Monday.
TeamCity Cloud situations have already been patched towards the 2 flaws. Cybersecurity agency Rapid7, which found and reported the problems on February 20, 2024, stated CVE-2024-27198 is a case of authentication bypass that enables for an entire compromise of a prone server by a distant unauthenticated attacker.
“Compromising a TeamCity server permits an attacker full management over all TeamCity tasks, builds, brokers and artifacts, and as such is an acceptable vector to place an attacker to carry out a provide chain assault,” the corporate famous.
CVE-2024-27199, additionally an authentication bypass flaw, stems from a path traversal subject that may allow an unauthenticated attacker to interchange the HTTPS certificates in a susceptible TeamCity server with a certificates of their selecting by way of the “/app/https/settings/uploadCertificate” endpoint and even alter the port quantity the HTTPS service listens on.
A risk actor may leverage the vulnerability to carry out a denial-of-service towards the TeamCity server by both altering the HTTPS port quantity, or by importing a certificates that can fail client-side validation. Alternatively, the uploaded certificates could possibly be used for adversary-in-the-middle situations if it is trusted by the purchasers.
“This authentication bypass permits for a restricted variety of authenticated endpoints to be reached with out authentication,” Rapid7 stated of the shortcoming.
“An unauthenticated attacker can leverage this vulnerability to each modify a restricted variety of system settings on the server, in addition to disclose a restricted quantity of delicate data from the server.”
The event comes almost a month after JetBrains launched fixes to comprise one other flaw (CVE-2024-23917, CVSS rating: 9.8) that would additionally allow an unauthenticated attacker to realize administrative management of TeamCity servers.
With safety vulnerabilities in JetBrains TeamCity having come underneath lively exploitation final 12 months by North Korean and Russian risk actors, it is important that customers take steps to replace their servers instantly.
