JetBrains TeamCity Alert: Patch Now to Thwart Hacker Takeover – CVE-2024-27198 & CVE-2024-27199 Exposed!

Feeling insecure? JetBrains TeamCity’s latest hiccup involves a duo of vulnerabilities (CVE-2024-27198 & CVE-2024-27199) that let attackers play admin on your server. Patch up with version 2023.11.4 and keep those digital baddies at bay! #CybersecurityFauxPas

Hot Take:

JetBrains TeamCity is serving more backdoors than a speakeasy during Prohibition, and the cybercriminals seem to have an all-access pass! If you’re running an on-premises version and don’t update faster than you can say “patch,” you might just be the unwilling host of the next great supply chain soiree. Remember folks, in the world of cybersecurity, the “bouncer” at your server’s door better be tougher than a stale pretzel!

Key Points:

  • JetBrains TeamCity On-Premises hit the vulnerability jackpot with CVE-2024-27198 and CVE-2024-27199, rated as a cybersecurity critic’s nightmare.
  • Version 2023.11.4 is the new bouncer at the door, kicking out unwelcome guests from versions up to 2023.11.3.
  • An attacker could use their “VIP pass” (CVE-2024-27198) to take over the whole TeamCity club, from projects to builds.
  • CVE-2024-27199 lets attackers play dress-up with HTTPS certificates and party with the port numbers.
  • Despite the invite list being patched, the history of RSVPs from Russian and North Korean threat actors means this party needs a seriously good after-party cleaning crew.

CVE ID: CVE-2024-27198
CVE state: PUBLISHED
CVE assigner short name: JetBrains
CVE date updated: 03/04/2024
CVE description: In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible

CVE ID: CVE-2024-27199
CVE state: PUBLISHED
CVE assigner short name: JetBrains
CVE date updated: 03/04/2024
CVE description: In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible

CVE ID: CVE-2024-23917
CVE state: PUBLISHED
CVE assigner short name: JetBrains
CVE date updated: 02/06/2024
CVE description: In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible

Need to know more?

Party Crashers Galore

Just when you thought your TeamCity server was the Fort Knox of code, along come CVE-2024-27198 and CVE-2024-27199, ready to waltz in without knocking. These aren't your garden-variety gatecrashers; they're more like the kind who can persuade your security system they're the homeowner. JetBrains' latest advisory might as well be an invitation to update before your server turns into the hottest underground club for hackers.

A Patch in Time Saves Nine... Million Headaches

TeamCity Cloud users can breathe a sigh of relief; their digital shindig has already been given the all-clear. But if you're hosting the party locally, it's time to update your guest list and make sure 2023.11.4 or later is at the top. With a CVSS score of 9.8, CVE-2024-27198 is the uninvited guest who eats all your food, while CVE-2024-27199, with a score of 7.3, is the one who spills red wine on your white carpet. Neither is particularly good for your home's resale value.

Supply Chain Shenanigans

Rapid7, the cybersecurity sleuths who unearthed these vulnerabilities, paint a grim picture of the potential for a supply chain shindig. Imagine a hacker with their finger in every pie – from your code to your coffee machine. That's the kind of control we're talking about. CVE-2024-27198 is essentially an all-access pass to the backstage of your build processes.

A Not-So-Certifiable Situation

With CVE-2024-27199, attackers can play a game of musical chairs with your HTTPS certificates and port numbers. It's like giving someone the key to your house, and then they change the locks and move the door. Not ideal, especially if they start inviting their own "clients" to the party for some adversary-in-the-middle fun.

Deja Vu All Over Again

It's worth noting that this isn't JetBrains' first rodeo with unauthenticated attackers doing the cha-cha on their servers. Another flaw, CVE-2024-23917, recently had its own patch party. The trend suggests that TeamCity servers are the 'it' spot for hackers, and not in a good way. With a history of exploitation by digital party animals from North Korea and Russia, it's clear that JetBrains' users need to keep their eyes peeled and their servers updated, or risk being the main event in the next cyberattack festival.
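For anyone keeping that guest list in a spreadsheet, here is an added example (not code from JetBrains or Rapid7) that triages an inventory of on-premises TeamCity version strings against the "before X" versions in the CVE records above. The hostnames and sample versions are constructed, and the check looks at the version number only.

```python
import re

# Fixed-in versions taken from the CVE descriptions on this page
# ("In JetBrains TeamCity before X ...").
FIXED_IN = {
    "CVE-2024-23917": (2023, 11, 3),
    "CVE-2024-27198": (2023, 11, 4),
    "CVE-2024-27199": (2023, 11, 4),
}

_VERSION_RE = re.compile(r"(\d{4})\.(\d{1,2})(?:\.(\d+))?")


def parse_version(text):
    """Extract (year, month, patch) from a string such as 'TeamCity 2023.11.3'."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no TeamCity version found in {text!r}")
    year, month, patch = m.groups()
    # Compare as integers so "2023.05" sorts below "2023.11"; no patch means 0.
    return int(year), int(month), int(patch or 0)


def open_cves(version_text):
    """Return the CVEs from this page that still apply to the given version."""
    version = parse_version(version_text)
    return sorted(cve for cve, fixed in FIXED_IN.items() if version < fixed)


def triage(inventory):
    """Map each host to its open CVEs; unparseable versions are flagged, not skipped."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = open_cves(version_text)
        except ValueError:
            report[host] = ["UNKNOWN-VERSION"]
    return report


# Constructed inventory (hostnames and versions are made up for the example).
SAMPLE_INVENTORY = {
    "ci-old.example.internal": "TeamCity 2023.05.4",
    "ci-main.example.internal": "2023.11.3",
    "ci-new.example.internal": "2023.11.4",
    "ci-mystery.example.internal": "unknown",
}

if __name__ == "__main__":
    for host, cves in triage(SAMPLE_INVENTORY).items():
        print(host, "->", ", ".join(cves) or "patched for the CVEs on this page")
```

A host on 2023.11.3 has the earlier flaw fixed but is still open to both of the new ones, which is exactly the gap this advisory is about.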

Tags: authentication bypass, CVE-2024-27198, CVE-2024-27199, HTTPS certificate manipulation, JetBrains TeamCity vulnerabilities, Rapid7 vulnerability discovery, Software Patching, supply-chain attack