A critical vulnerability in the TeamCity On-Premises CI/CD solution from JetBrains has been identified, allowing remote unauthenticated attackers to gain administrative control over the server. This vulnerability, known as CVE-2024-27198, poses a serious security risk as it enables attackers to exploit an authentication bypass issue within the web component of TeamCity, potentially leading to complete control of the server and remote code execution capabilities.
Security researcher Stephen Fewer from Rapid7 discovered and reported this critical vulnerability to JetBrains in mid-February. In addition to CVE-2024-27198, another security issue (CVE-2024-27199) was also found in the web component of TeamCity, though with a lesser severity level. This vulnerability allows unauthorized modification of system settings without requiring authentication, posing a potential risk to the integrity of the system.
In response to these vulnerabilities, JetBrains has released an updated version of TeamCity (2023.11.4) that addresses the security flaws. Administrators are strongly advised to update their installations to the latest version or install a security patch plugin provided by the vendor to mitigate the risks associated with these vulnerabilities.
Rapid7 demonstrated the severity of CVE-2024-27198 by creating an exploit that granted them shell access on a vulnerable TeamCity server. This exploit highlights the critical nature of the vulnerability and the importance of prompt remediation to prevent potential unauthorized access and malicious activities.
While the second vulnerability (CVE-2024-27199) is considered less severe, it still presents a risk to vulnerable systems, especially within the context of a targeted attack. Attackers could potentially exploit this vulnerability for denial-of-service attacks or to intercept client connections, underscoring the importance of addressing all known security issues promptly and effectively.
JetBrains’ proactive approach in releasing the updated version of TeamCity underscores their commitment to addressing security vulnerabilities and safeguarding their customers’ systems. By encouraging administrators to apply the necessary updates and patches, JetBrains aims to mitigate the risk of exploitation and prevent potential security breaches.
As the cybersecurity landscape continues to evolve, organizations must remain vigilant and proactive in identifying and addressing potential security vulnerabilities within their systems. By staying informed about the latest threats and taking appropriate actions to secure their infrastructure, businesses can reduce the risk of falling victim to malicious attacks and protect their valuable data and assets.
In conclusion, the discovery of critical vulnerabilities in TeamCity serves as a reminder of the importance of maintaining strong security practices and staying abreast of potential threats. By promptly addressing security vulnerabilities and implementing necessary security measures, organizations can enhance their cybersecurity posture and mitigate the risk of exploitation by malicious actors.