Critical TeamCity Bugs Endanger Software Supply Chain



Customers should immediately patch critical vulnerabilities in on-prem deployments of the CI/CD pipeline tool JetBrains TeamCity that could allow threat actors to gain admin control over servers.
March 4, 2024
Cloud versions of the JetBrains TeamCity software development platform manager have already been updated against a new pair of critical vulnerabilities, but on-premises deployments need immediate patching, a security advisory from the vendor warned this week.
This is the second round of critical TeamCity vulnerabilities in the past two months. The ramifications could be wide: The company's software development lifecycle (SDLC) platform is used across 30,000 organizations, including Citibank, Nike, and Ferrari.
The TeamCity tool manages the software development CI/CD pipeline, which is the process by which code is built, tested, and deployed. The new vulnerabilities, tracked under CVE-2024-27198 and CVE-2024-27199, could allow threat actors to bypass authentication and gain admin control of the victim's TeamCity server, according to a blog post from TeamCity.
The flaws were found and reported by Rapid7 in February, the company added. The Rapid7 team is poised to release full technical details imminently, making it imperative for teams running TeamCity on-premises versions through 2023.11.3 to get their systems patched before threat actors catch on to the opportunity, the company advised.
In addition to releasing an updated TeamCity version, 2023.11.4, the vendor offered a security patch plugin for teams unable to upgrade quickly.
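A quick way to triage an on-premises fleet against the affected range the advisory gives (every release through 2023.11.3, fixed in 2023.11.4). This is an added example, not code from JetBrains or Rapid7; the inventory, host names and build numbers are constructed, and the "version (build N)" string format is assumed to match what a TeamCity server reports.

```python
import re

# Per the advisory: every on-prem release up to and including 2023.11.3 is
# affected by CVE-2024-27198 / CVE-2024-27199; 2023.11.4 carries the fix.
FIXED_VERSION = (2023, 11, 4)

# Constructed sample inventory (hypothetical hosts and build numbers).
SAMPLE_INVENTORY = {
    "build-01": "2023.11.3 (build 147512)",
    "build-02": "2023.11.4 (build 147627)",
    "legacy-ci": "2022.10.1",
    "new-ci": "2024.03",
}

# Leading dotted numeric part; trailing " (build N)" or other text is ignored.
_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)")


def parse_version(text):
    """Turn 'YYYY.MM[.patch] ...' into a comparable 3-tuple; missing parts count as 0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised TeamCity version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # '2024.03' -> (2024, 3, 0)
    return tuple(parts[:3])


def is_affected(version_text):
    """True when the server is older than the fixed release and still needs the upgrade or patch plugin."""
    return parse_version(version_text) < FIXED_VERSION


def triage(inventory):
    """Return the sorted names of servers that must be upgraded (or given the patch plugin)."""
    return sorted(name for name, version in inventory.items() if is_affected(version))


if __name__ == "__main__":
    for name in triage(SAMPLE_INVENTORY):
        print(f"{name}: {SAMPLE_INVENTORY[name]} -> upgrade to 2023.11.4 or apply the patch plugin")
```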
The CI/CD environment is fundamental to the software supply chain, making it an attractive attack vector for sophisticated advanced persistent threat (APT) groups.
In late 2023, governments worldwide raised the alarm that the Russian state-backed group APT29 (aka Nobelium, Midnight Blizzard, and Cozy Bear — the threat actor behind the 2020 SolarWinds attack) was actively exploiting a similar vulnerability in JetBrains TeamCity that could likewise allow software supply chain cyberattacks.
"The ability of an unauthenticated attacker to bypass authentication checks and gain administrative control poses a significant risk not only to the immediate environment but also to the integrity and security of the software being developed and deployed through such compromised CI/CD pipelines," Ryan Smith, head of product for Deepfence, said in a statement.
Smith added the data shows a "notable uptick" in both the volume and the complexity of software supply chain cyberattacks in general.
"The recent JetBrains incident serves as a stark reminder of the criticality of prompt vulnerability management and proactive threat detection strategies," Smith said. "By fostering a culture of agility and resilience, organizations can enhance their ability to thwart emerging threats and safeguard their digital assets effectively."
Becky Bracken, Editor, Dark Reading
