
CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Vulnerabilities


Vulnerabilities CVE-2024-27198 and CVE-2024-27199 affect TeamCity, a CI/CD management server software owned by JetBrains

Two new vulnerabilities affecting the CI/CD server JetBrains TeamCity have been disclosed recently. CVE-2024-27198 and CVE-2024-27199 both allow an unauthenticated attacker to bypass authentication, and the first of them leads to remote code execution on the server, which makes it critical with a CVSS score of 9.8.

TeamCity is a build management and continuous integration server from JetBrains. It is commercial software under a proprietary license that allows limited free usage. On Shodan, nearly 16,000 servers running this software are exposed to the Internet.

Key features

  • CVE Identifier: CVE-2024-27198
    • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8 Critical)
  • CVE Identifier: CVE-2024-27199
    • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L (7.3 High)
  • Release date: 4 March 2024
  • Affected software: JetBrains TeamCity
  • Affected versions
    • All before 2023.11.4
  • Exploitation requirements
    • Network visibility to the web interface.

Mitigation

The main solution is to urgently update the TeamCity instance to version 2023.11.4 or later, the patched release that fixes both vulnerabilities.

In addition, it is recommended to apply security hardening configurations to the server, so that the impact of a remote code execution is limited.

JetBrains has published a post with the official information on these vulnerabilities. The post also mentions a patch that can be installed on earlier versions, for instances that cannot be upgraded immediately, to prevent exploitation of these security issues.

Detection of the vulnerabilities CVE-2024-27198 and CVE-2024-27199

The presence of the vulnerabilities CVE-2024-27198 and CVE-2024-27199 can be identified from the version number reported by the server: any TeamCity instance running a version earlier than 2023.11.4 is affected.
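As an added example (not code from the original post or from JetBrains), the check below classifies a TeamCity version banner against the fixed release 2023.11.4. It assumes the banner string has already been collected from the instance (for example the version shown on the login page or returned by the REST API); the hostnames, banners and build numbers in the sample inventory are constructed for illustration. A banner with no recognisable version is reported as unknown rather than as safe.

```python
import re
from typing import Dict, List, Optional, Tuple

# First TeamCity release in which both CVE-2024-27198 and CVE-2024-27199 are fixed.
FIXED_VERSION = (2023, 11, 4)

# TeamCity versions look like "2023.11.3" or "2023.11" (the first release of a
# cycle carries no patch number), usually followed by "(build NNNNNN)".
# The build number is ignored; only year.month[.patch] is compared.
_VERSION_RE = re.compile(r"\b(\d{4})\.(\d{1,2})(?:\.(\d+))?\b")


def parse_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Extract (year, month, patch) from a TeamCity version banner.

    Returns None when no version is found. Callers must treat None as
    "unknown", never as "not vulnerable".
    """
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    year, month, patch = m.groups()
    return int(year), int(month), int(patch or 0)


def is_vulnerable(banner: str) -> Optional[bool]:
    """True if the version is below 2023.11.4, False if at or above, None if unknown."""
    version = parse_version(banner)
    if version is None:
        return None
    # Tuple comparison orders (year, month, patch) lexicographically.
    return version < FIXED_VERSION


def classify_hosts(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Split a host -> banner mapping into vulnerable, patched and unknown hosts."""
    result: Dict[str, List[str]] = {"vulnerable": [], "patched": [], "unknown": []}
    for host, banner in inventory.items():
        state = is_vulnerable(banner)
        if state is None:
            result["unknown"].append(host)
        elif state:
            result["vulnerable"].append(host)
        else:
            result["patched"].append(host)
    return result


# Constructed sample inventory; hostnames and build numbers are made up.
SAMPLE_INVENTORY = {
    "ci-old.example.test": "Version 2023.11.3 (build 100001)",
    "ci-new.example.test": "Version 2023.11.4 (build 100002)",
    "ci-legacy.example.test": "TeamCity 2022.10",
    "ci-next.example.test": "TeamCity 2024.03",
    "ci-unknown.example.test": "Log in to TeamCity",
}


if __name__ == "__main__":
    for state, hosts in classify_hosts(SAMPLE_INVENTORY).items():
        print(f"{state}: {', '.join(hosts) or '-'}")
```

Hosts that end up in the unknown bucket should be verified by hand; an empty or stripped banner is not evidence that the instance has been upgraded.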

As part of its emerging vulnerabilities service, Tarlogic proactively monitors the perimeter of its clients to detect the presence of these vulnerabilities and notify them urgently, as well as other critical threats that could have a serious impact on the security of their assets.

References

  • https://nvd.nist.gov/vuln/detail/CVE-2024-27198
  • https://nvd.nist.gov/vuln/detail/CVE-2024-27199
  • https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/