A critical vulnerability, identified as CVE-2024-27198, has been discovered in JetBrains’ TeamCity On-Premises CI/CD solution, posing a significant security threat that allows remote unauthenticated attackers to gain administrative control of the server. Here’s what you need to know.
JetBrains is a company that creates tools for software developers and project managers. This vulnerability, alongside a less severe issue (CVE-2024-27199) that permits the modification of certain system settings without authentication, affects all versions of TeamCity’s on-premises installations (2023.11.3 and earlier).
The critical flaw was identified by security researchers, who have also provided a proof of concept demonstrating the ease with which attackers can exploit this vulnerability to execute remote code and potentially conduct supply chain attacks. JetBrains has released an update to fix these vulnerabilities (2023.11.4), urging administrators of TeamCity On-Premises installations to apply the update as soon as possible.
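The following is an added example, not code from JetBrains or Nuspire, showing one way to triage an inventory of TeamCity servers against the affected range (2023.11.3 and earlier) and the fixed release (2023.11.4) named above. The hostnames, reported version strings and the build number are constructed sample data, and the function names are hypothetical.

```python
import re

# Fixed release named in the advisory text above; anything lower is affected.
FIXED = (2023, 11, 4)

# First dotted year-based version in a string, e.g. "2023.11.3" or "2022.10".
_VERSION_RE = re.compile(r"\b(\d{4})\.(\d{1,2})(?:\.(\d+))?\b")


def parse_version(text):
    """Return (year, month, patch) as integers, or None if no version is found."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    year, month, patch = m.groups()
    return (int(year), int(month), int(patch or 0))


def classify(text):
    """Classify one reported version as 'affected', 'fixed' or 'unknown'."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # needs manual review, never treated as safe
    # Compare as integer tuples: as plain strings, "2023.5.4" would sort
    # after "2023.11.4" and be wrongly reported as fixed.
    return "affected" if version < FIXED else "fixed"


def triage(inventory):
    """Map host -> status so unparseable hosts are surfaced, not skipped."""
    return {host: classify(reported) for host, reported in inventory.items()}


# Constructed sample inventory (illustrative values only).
SAMPLE_INVENTORY = {
    "ci-01.example.internal": "2023.11.3",
    "ci-02.example.internal": "TeamCity 2023.11.4 (build 000000)",
    "ci-03.example.internal": "2023.05.4",
    "ci-04.example.internal": "2022.10",
    "ci-05.example.internal": "version unavailable",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` include any whose version string does not follow the year-based scheme, and they should be checked by hand rather than assumed patched.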
Other vulnerabilities affecting JetBrains’ TeamCity, such as CVE-2023-42793, have been heavily abused by threat actors, and the newly announced vulnerabilities will likely be targeted quickly. The severity of this vulnerability cannot be overstated, as it grants attackers the ability to take complete control of the affected server, potentially compromising the entire CI/CD pipeline and the software development process.
Nuspire is proactively addressing the critical vulnerability in JetBrains’ TeamCity. The company applies patches in accordance with vendor recommendations and actively threat hunts client environments for indications of compromise.
For organizations utilizing TeamCity On-Premises, it’s crucial to take immediate action to mitigate these security risks:
In addition to these immediate actions, organizations should also review their overall security posture and ensure that they have comprehensive security measures in place to detect and respond to potential threats. This may include implementing multi-factor authentication, regularly monitoring for suspicious activity and providing security awareness training to employees. By taking a proactive approach to security and staying informed about the latest threats and vulnerabilities, organizations can minimize the risk of successful attacks and protect their valuable assets and data.