VulnRecap 3/11/24 – JetBrains & Atlassian Issues Persist


Jenna Phipps
This past week, both JetBrains TeamCity and Atlassian Confluence products have run into more hiccups as their string of vulnerabilities continues. Apple’s also had plenty to patch, and Cisco, OpenEdge, and VMware appeared in the news, too. JetBrains and Atlassian users should pay special attention since vulnerabilities continue cropping up in the same products. And all IT and security teams should follow vulnerability news for vendor bulletins and updates.
Type of vulnerability: Authentication bypass.
The problem: Two authentication bypass vulnerabilities, CVE-2024-27198 and CVE-2024-27199, allow unauthenticated attackers to exploit JetBrains TeamCity servers. The more severe CVE-2024-27198 allows a threat actor to take over the entire server. Researchers at Rapid7 discovered these vulnerabilities in late February and released information regarding them on March 4.
These are different JetBrains vulnerabilities than the ones mentioned in past recaps. We’ve seen multiple over the last couple of months, but these are new and not to be confused with CVEs from 2023. Potential exploits of the new vulnerabilities can include remote code execution on TeamCity servers.
JetBrains released a detailed blog post explaining the specific timeline of discovering the vulnerabilities, the conflict with Rapid7, and JetBrains’ stance on releasing vulnerability information. Its position is that immediately releasing vulnerability data to the public allows threat actors to exploit the issues before customers have sufficient time to patch them.
However, Rapid7’s policy holds that silent patching limits the ways experienced IT pros can participate in protecting networks and information systems. Because of these differences, JetBrains decided not to coordinate with Rapid7 in disclosing the vulnerability information.
The fix: Deploy JetBrains TeamCity version 2023.11.4 to all servers that can support it. This release includes installation files and updated Docker images. According to JetBrains’ blog post, the new version and the related security patch plug-in solve both authentication bypass vulnerabilities.
Type of vulnerability: Multiple issues, including kernel security bypass vulnerabilities.
The problem: On March 5, Apple released a security notice for its new operating systems, iOS 17.4 and iPadOS 17.4. These new OS versions fixed multiple CVEs. Two of the more severe vulnerabilities are CVE-2024-23225, found in Kernel, and CVE-2024-23296, found in RealtimeKit (RTKit). Both vulnerabilities allow an attacker to bypass standard kernel memory protections when the attacker has arbitrary read and write capabilities within the kernel.
Other CVEs fixed in the new update included CVE-2024-23243, which allowed an application to potentially view sensitive location data, and CVE-2024-23262, which allowed an application to potentially spoof system notifications and the user interface.
The fix: Deploy iOS 17.4 and iPadOS 17.4 to all devices that will support them as soon as possible. These releases fix over 30 vulnerabilities.
If your business doesn’t have a good method of quickly finding vulnerabilities, consider investing in a vulnerability scanning product specifically designed for websites, applications, or DevOps use cases. 
Type of vulnerability: Use-after-free vulnerability potentially leading to code execution.
The problem: CVE-2024-22252, a use-after-free vulnerability, could allow a threat actor to execute code using admin privileges on a VMware virtual machine. This issue affects VMware ESXi, Workstation, and Fusion. According to the National Institute of Standards and Technology, the exploitation is contained within the VMX sandbox in ESXi, but in Workstation and Fusion, the vulnerability could lead to code execution on machines where the products are installed.
Specific products affected include:
The fix: VMware created the following table for users so they know which fixed versions to apply:
Type of vulnerability: Carriage return line feed (CRLF) injection attack by an unauthenticated remote attacker.
The problem: Cisco’s Secure Client software has a vulnerability, CVE-2024-20337, that allows an attacker to complete a carriage return line feed injection attack. According to Cisco, after exploiting the Secure Client vulnerability, an attacker could execute arbitrary code or access sensitive data in the browser, like valid SAML tokens. The attacker could then use the privileges of the exploited user to establish a remote access VPN session.
Insufficient validation of user-supplied input causes this vulnerability, according to Cisco. It affects the following products:
The fix: Cisco provides the following information on fixed software releases:
Type of vulnerability: Potential authentication bypass.
The problem: Progress Software’s OpenEdge Authentication Gateway and AdminServer have a vulnerability in the following versions:
According to Progress, when OpenEdge Authentication Gateway “is configured with an OpenEdge Domain that uses the OS local authentication provider to grant user-id and password logins on operating platforms supported by active releases of OpenEdge, a vulnerability in the authentication routines may lead to unauthorized access on attempted logins.”
The same unauthorized login access can occur when OpenEdge Explorer (OEE) and OpenEdge Management (OEM) connect to AdminServer. The vulnerability, CVE-2024-1403, has a critical severity rating.
Progress also notes that AdminServer logins are always vulnerable because they only support OS local logins. OpenEdge Authentication Gateway is only vulnerable to authentication bypass when admins configure OpenEdge domains to use the operating system’s local authentication provider.
Progress released the notice in late February; on March 6, Horizon3AI released a proof of concept for an OpenEdge exploit. The proof of concept is available on GitHub for interested users, as well as a longer blog post that provides detailed code information and walks pros through Horizon3AI’s process.
The fix: Progress Software has released the following versions of OpenEdge LTS, in which the vulnerability is fixed:
Type of attack: Remote code execution.
The problem: CVE-2023-22527, a remote code execution vulnerability in outdated versions of Atlassian Confluence Data Center and Confluence Server, is currently being actively exploited. Atlassian disclosed the vulnerability in January, but threat actors continue to capitalize on the issue: VulnCheck recently published a blog post and noted that the vulnerability has at least 30 unique exploits, as of March 8.
VulnCheck also observed that multiple instances of exploitation use freemarker.template.utility.Execute, which will easily be picked up by endpoint detection and response platforms.
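The detection point above can be turned into a simple log check. The following is an added example, not code from the article or from VulnCheck: it scans constructed access-log lines for the FreeMarker Execute class name after URL-decoding, because exploit traffic is commonly encoded once or twice; the log format, paths and parameter names are assumptions.

```python
import re
from urllib.parse import unquote

# Indicator named in the VulnCheck observation above: the FreeMarker utility
# class that runs OS commands. Compared case-insensitively after decoding.
INDICATOR = "freemarker.template.utility.execute"

# Constructed sample lines in an assumed simplified log format:
# "<method> <path> <status> body=<url-encoded body>". Not real traffic.
SAMPLE_LOG = """\
GET /login.action 200 body=
POST /rest/api/content 201 body=title=Weekly+report&space=OPS
POST /render/constructed.vm 200 body=name=%22freemarker.template.utility.Execute%22
POST /render/constructed.vm 200 body=name=%2522FREEMARKER.template.utility.Execute%2522
GET /pages/viewpage.action?pageId=42 200 body=
"""


def normalize(text: str, rounds: int = 3) -> str:
    """URL-decode up to `rounds` times (double encoding is common) and
    lower-case so the indicator match is case-insensitive."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text.lower()


def find_execute_hits(log_text: str) -> list[dict]:
    """Return one record per log line whose path or body references the
    FreeMarker Execute class once normalized."""
    hits = []
    line_re = re.compile(r"^(\S+) (\S+) (\d{3}) body=(.*)$")
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = line_re.match(line)
        if not m:
            continue  # skip lines not in the assumed format
        method, path, status, body = m.groups()
        if INDICATOR in normalize(path) or INDICATOR in normalize(body):
            hits.append({"line": lineno, "method": method,
                         "path": path, "status": int(status)})
    return hits


if __name__ == "__main__":
    for hit in find_execute_hits(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['method']} {hit['path']} -> {hit['status']}")
```

A hit with a 200 status on a template-rendering path is worth treating as a likely successful exploitation attempt rather than a blocked probe.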
The vulnerability affects the following Confluence Data Center and Server versions:
The fix: Atlassian recommends updating your instance of Confluence Data Center or Confluence Server to one of the most recent versions: