CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Vulnerabilities » intelfindr


Vulnerabilities CVE-2024-27198 and CVE-2024-27199 affect TeamCity, a CI/CD management server software owned by JetBrains

Two new vulnerabilities affecting the CI/CD server JetBrains TeamCity have been disclosed recently. CVE-2024-27198 and CVE-2024-27199 allow authentication to be bypassed, and one of them permits remote code execution, making it critical with a CVSS score of 9.8.

TeamCity is a build management and continuous integration server from JetBrains. It is commercial software with a proprietary license that allows limited use for free. According to Shodan, close to 16,000 servers running this software are exposed to the Internet.

Key features

  • CVE Identifier: CVE-2024-27198
    • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8 Critical)
  • CVE Identifier: CVE-2024-27199
    • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L (7.3 High)
  • Release date: 04/03/2024
  • Affected software: JetBrains TeamCity
  • Affected versions
  • Exploitation requirements
    • Network visibility to the web interface.

Mitigation

The main solution is to urgently update the TeamCity instance to the new patched version that fixes this vulnerability:

In addition, it is recommended to apply security hardening configurations to the server, so that the impact of a remote code execution can be limited.

JetBrains has published a post with the official information on these vulnerabilities. That post mentions a patch that can be installed on earlier versions to prevent the exploitation of these security issues.

Detection of the vulnerabilities CVE-2024-27198 and CVE-2024-27199

The presence of the vulnerabilities CVE-2024-27198 and CVE-2024-27199 can be identified by the version number.

As part of its emerging vulnerabilities service, Tarlogic proactively monitors the perimeter of its clients to detect, report, and urgently notify them of the presence of this vulnerability, as well as other critical threats that could have a serious impact on the security of their assets.
