Critical software supply chain bugs leave TeamCity vulnerable

JetBrains, a popular software development company, is urging users to immediately update their TeamCity software due to two new critical vulnerabilities that have been discovered. These vulnerabilities, known as CVE-2024-27198 and CVE-2024-27199, could potentially allow attackers to gain unauthenticated administrative access to TeamCity servers.

The company has already patched these vulnerabilities on the TeamCity cloud servers, and the fix for on-premises users is available in version 2023.11.4. JetBrains has stated that the vulnerabilities could allow unauthenticated attackers with HTTP(S) access to bypass authentication checks and take control of the TeamCity server. They affect all TeamCity On-Premises versions through 2023.11.3.

TeamCity is a widely utilized tool for managing CI/CD pipelines, which are crucial for the continuous deployment and testing of software code. Many major global brands, such as Tesla, McAfee, Samsung, Nvidia, HP, and Motorola, rely on TeamCity for their software development processes.

Rapid7, a cybersecurity company, first reported the vulnerabilities to JetBrains. They were assigned high CVSS base scores of 9.8/10 (CVE-2024-27198) and 7.5/10 (CVE-2024-27199), underscoring the potential impact if they are exploited by malicious actors.

Although the technical details of how these vulnerabilities can be exploited have not been publicly disclosed by either JetBrains or Rapid7, a full disclosure is expected in the near future. This lack of detailed information underscores the importance of promptly applying the available patches to mitigate the risk of exploitation.

Given the critical nature of these vulnerabilities and the potential consequences of unauthorized access to TeamCity servers, users are urged to prioritize patching their systems to ensure the security of their software development processes. Failure to address these vulnerabilities in a timely manner could result in unauthorized access and potential data breaches, threatening the integrity of valuable software code and sensitive information.

In conclusion, the discovery of these critical vulnerabilities in TeamCity serves as a stark reminder of the ever-present cybersecurity risks that organizations face in today’s digital landscape. By staying vigilant, promptly applying security patches, and adopting best practices in software development, companies can mitigate the risk of security incidents and safeguard their critical infrastructure and data from malicious threats.
