The US Cybersecurity and Infrastructure Security Agency (CISA) has flagged a critical JetBrains TeamCity vulnerability, emphasizing the urgent need for users to take preventive measures. The recently discovered flaw has been added to the Known Exploited Vulnerabilities (KEV) Catalog, with evidence of active exploitation.

CISA Advisory On JetBrains TeamCity

CISA, in a recent security advisory, highlights the severity of such vulnerabilities, underscoring their potential as common attack vectors for malicious cyber actors. As a result of the CISA cybersecurity alert, the agency took a decisive step by incorporating this flaw into the Binding Operational Directive (BOD) 22-01. 

It’s an evolving list of vulnerabilities actively targeting Federal Civilian Executive Branch (FCEB) agencies, essentially government bodies. BOD 22-01 mandates FCEB agencies to promptly apply the latest patches and fortify their endpoints against known vulnerabilities within specified deadlines.

JetBrains TeamCity Vulnerability Unveiled

The KEV Catalog vulnerability revolves around a critical authentication bypass within the TeamCity On-Premises software. This flaw tracked as CVE-2024-27198, poses a severe threat with a rating of 9.8. 

Unauthenticated attackers could exploit this vulnerability, gaining full control over target servers. Security researchers from Rapid7, who discovered and reported the flaw to JetBrains, explain that compromising a TeamCity server provides attackers with control over projects, builds, agents, and artifacts – a potential gateway for supply chain attacks.

Authentication Bypass Consequences and Immediate Action 

The authentication bypass flaw allows unauthenticated attackers to reach a limited number of authenticated endpoints without any hindrance. Rapid7 warns that this vulnerability empowers attackers to modify specific system settings on the server and disclose a restricted amount of sensitive information, emphasizing the urgency of applying the patch.

Cybersecurity risk mitigation is a critical aspect of protecting digital assets and maintaining business resilience in the face of evolving threats. In response to this critical vulnerability, JetBrains swiftly released a patch that addresses the initial JetBrains TeamCity vulnerability.

The patch also addresses a secondary vulnerability, CVE-2024-27199. The latter flaw, with a severity score of 7.3, could be leveraged for Distributed Denial of Service (DDoS) attacks against a TeamCity server and adversary-in-the-middle attacks. All TeamCity versions up to 2023.11.3 are reportedly vulnerable, making it crucial for users to act promptly. 

JetBrains strongly advises all users to upgrade their software to version 2023.11.4, effectively closing the door on potential threats and fortifying their systems against exploitation.

KEV Catalog Security Update

JetBrains TeamCity users, particularly those within the crosshairs of North Korean and Russian threat actors, are urged to apply the JetBrains TeamCity patch without delay. The company’s proactive approach underscores the real and immediate dangers posed by these vulnerabilities and the necessity for users to stay ahead of potential threats.

Conclusion

In the ever-evolving landscape of cybersecurity threats, the recent vulnerability in software development tools demands immediate attention. Effective software vulnerability management is essential for maintaining the security and integrity of digital systems.

By adhering to CISA’s directives and implementing automated security protocols, users can safeguard their systems against potential exploitation, ensuring business continuity and maintaining compliance with evolving security standards. 

The sources for this piece include articles in The Hacker News and CISA.

The post CISA Adds JetBrains TeamCity Vulnerability To KEV Catalog appeared first on TuxCare.

*** This is a Security Bloggers Network syndicated blog from TuxCare authored by Wajahat Raja. Read the original post at: https://tuxcare.com/blog/cisa-adds-jetbrains-teamcity-vulnerability-to-kev-catalog/