A new pair of security vulnerabilities have been disclosed in JetBrains TeamCity On-Premises application that could be exploited by a threat actor to choose management of impacted techniques.
The flaws, tracked as CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score: 7.3), have been dealt with in edition 2023.11.4. They influence all TeamCity On-Premises versions by means of 2023.11.3.
“The vulnerabilities could permit an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative management of that TeamCity server,” JetBrains reported in an advisory launched Monday.
TeamCity Cloud situations have currently been patched towards the two flaws. Cybersecurity agency Quick7, which uncovered and documented the issues on February 20, 2024, stated CVE-2024-27198 is a circumstance of authentication bypass that makes it possible for for a entire compromise of a inclined server by a distant unauthenticated attacker.
“Compromising a TeamCity server permits an attacker full control over all TeamCity initiatives, builds, agents and artifacts, and as these kinds of is a suitable vector to position an attacker to conduct a provide chain attack,” the business mentioned.
CVE-2024-27199, also an authentication bypass flaw, stems from a path traversal issue that can permit an unauthenticated attacker to replace the HTTPS certificate in a vulnerable TeamCity server with a certification of their deciding on by way of the “/app/https/configurations/uploadCertificate” endpoint and even alter the port variety the HTTPS assistance listens on.
A threat actor could leverage the vulnerability to conduct a denial-of-services towards the TeamCity server by both changing the HTTPS port selection, or by uploading a certification that will fail client-side validation. Alternatively, the uploaded certificate could be utilized for adversary-in-the-middle eventualities if it truly is trusted by the shoppers.
“This authentication bypass enables for a constrained amount of authenticated endpoints to be achieved without authentication,” Rapid7 explained of the shortcoming.
“An unauthenticated attacker can leverage this vulnerability to both of those modify a constrained variety of procedure configurations on the server, as effectively as disclose a restricted amount of sensitive information and facts from the server.”
The improvement will come practically a thirty day period after JetBrains produced fixes to contain a different flaw (CVE-2024-23917, CVSS rating: 9.8) that could also empower an unauthenticated attacker to attain administrative control of TeamCity servers.
With security vulnerabilities in JetBrains TeamCity getting arrive beneath energetic exploitation final calendar year by North Korean and Russian menace actors, it is really vital that customers get ways to update their servers straight away.
Uncovered this report interesting? Stick to us on Twitter and LinkedIn to examine a lot more distinctive content we submit.
Some parts of this article are sourced from:
thehackernews.com