CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability

We Keep you Connected

CISA Warns of Actively Exploited JetBrains TeamCity Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting JetBrains TeamCity On-Premises software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability, tracked as CVE-2024-27198 (CVSS score: 9.8), refers to an authentication bypass bug that allows for a complete compromise of a susceptible server by a remote unauthenticated attacker.
It was addressed by JetBrains earlier this week alongside CVE-2024-27199 (CVSS score: 7.3), another moderate-severity authentication bypass flaw that allows for a “limited amount” of information disclosure and system modification.
“The vulnerabilities may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server,” the company noted at the time.
Threat actors have been observed weaponizing the twin flaws to deliver Jasmin ransomware as well as create hundreds of rogue user accounts, according to CrowdStrike and LeakIX. The Shadowserver Foundation said it detected exploitation attempts starting from March 4, 2024.
Statistics shared by GreyNoise show that CVE-2024-27198 has come under broad exploitation from over a dozen unique IP addresses shortly after public disclosure of the flaw.
In light of active exploitation, users running on-premises versions of the software are advised to apply the updates as soon as possible to mitigate potential threats. Federal agencies are required to patch their instances by March 28, 2024.
State of AI in the Cloud 2024
Find out what 150,000+ cloud accounts revealed about the AI surge.
Goodbye, Atlassian Server. Goodbye… Backups?
Protect your data on Atlassian Cloud from disaster with daily backups and on-demand restores.
Take Action Fast with Censys Search for Security Teams
Stay ahead of advanced threat actors with best-in-class threat intelligence from Censys Search.
Stay ahead of advanced threat actors with best-in-class threat intelligence from Censys Search.
From Humans to Bots: Every Identity in Your SaaS App Could Be a Backdoor for Cybercriminals.
Learn how to protect your innovations from emerging security threats with expert advice.
Sign up for free and start receiving your daily dose of cybersecurity news, insights and tips.

source

GET THE LATEST UPDATES, OFFERS, INFORMATION & MORE