JetBrains TeamCity Vulnerability Added to CISA's Known Exploited Catalog - 20240305003
Overview
JetBrains has released a security update that addresses vulnerabilities in its TeamCity on-premises server. The TeamCity tool manages the software development CI/CD pipeline, which is the process by which code is built, tested, and deployed. These vulnerabilities could allow threat actors to bypass authentication and gain admin control of the victim's TeamCity server.
What is vulnerable?
Product(s) Affected | Summary | CVE | Severity | CVSS | Exploited | Dated
---|---|---|---|---|---|---
TeamCity versions before 2023.11.4 | Authentication bypass allowing admin actions to be performed | CVE-2024-27198 (CWE-288) | Critical | N/A (NIST); 9.8 (JetBrains s.r.o.) | Yes | 07 Mar 2024
TeamCity versions before 2023.11.4 | Path traversal allowing limited admin actions to be performed | CVE-2024-27199 (CWE-23) | High | N/A (NIST); 7.3 (JetBrains s.r.o.) | Yes | 07 Mar 2024
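The table above states the affected range as "versions before 2023.11.4". The following triage helper is an added example, not code from the WA SOC advisory or from JetBrains: it parses TeamCity version strings in the YEAR.MINOR[.PATCH] form the advisory uses (e.g. "2023.11.4") and flags inventory entries that are older than the first fixed release. It goes slightly beyond the table by handling two practical pitfalls: comparing versions numerically rather than as strings (so "2023.11.10" is correctly treated as newer than "2023.11.4"), and surfacing unparseable version strings as "unknown" rather than silently skipping them. The hostnames and versions in the sample inventory are constructed; `triage`, `is_affected` and `parse_version` are names chosen for this example.

```python
"""Triage helper: flag TeamCity installs affected by CVE-2024-27198 / CVE-2024-27199.

Added example, not from the WA SOC advisory or JetBrains. It assumes TeamCity
version strings use the YEAR.MINOR[.PATCH] form seen in the advisory
(e.g. "2023.11.4"); the inventory below is constructed sample data.
"""
import re
from typing import List, Tuple

# First fixed release per the advisory: "TeamCity versions before 2023.11.4".
FIXED_VERSION = "2023.11.4"

_VERSION_RE = re.compile(r"^(\d{4})\.(\d{1,2})(?:\.(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '2023.11.4' into (2023, 11, 4); a missing patch component counts as 0.

    Comparing tuples of ints avoids the string-comparison trap where
    '2023.11.10' sorts before '2023.11.4' lexically but is newer numerically.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised TeamCity version string: {text!r}")
    year, minor, patch = m.groups()
    return int(year), int(minor), int(patch or 0)


def is_affected(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `version` is older than the first fixed release."""
    return parse_version(version) < parse_version(fixed)


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (host, version, status) for each inventory entry.

    status is 'affected', 'fixed' or 'unknown' (unparseable version string),
    so entries that need a manual look are surfaced rather than dropped.
    """
    results = []
    for host, version in inventory:
        try:
            status = "affected" if is_affected(version) else "fixed"
        except ValueError:
            status = "unknown"
        results.append((host, version, status))
    return results


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("build01.example.internal", "2023.11.3"),
    ("build02.example.internal", "2023.11.4"),
    ("build03.example.internal", "2023.05.4"),
    ("build04.example.internal", "2023.11.10"),  # newer than 2023.11.4 despite sorting lower as a string
    ("build05.example.internal", "EAP build"),   # unparseable: flagged as unknown
]

if __name__ == "__main__":
    for host, version, status in triage(SAMPLE_INVENTORY):
        print(f"{host:28} {version:12} {status}")
```

Feed `triage` whatever (host, version) pairs your asset inventory already holds; how the version is collected is outside this example, and the page does not describe a collection method.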
What has been observed?
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation
The WA SOC recommends that administrators apply the solutions, as per vendor instructions, to all affected devices within the expected timeframe of 48 hours (refer to Patch Management):