Jump to content

New critical JetBrains security flaw could let hackers hijack entire servers

Recommended Posts


Cybersecurity researchers have recently discovered two high severity vulnerabilities in JetBrains TeamCity On-Premises software. 

The software is described as a “powerful and user-friendly Continuous Integration and Deployment server”, that developers can use to build, check, and run automated tests on servers before committing changes. The vulnerabilities, according to the experts from Rapid7 who discovered them, could be used to fully take over vulnerable systems, launch Distributed Denial of Service (DDoS) attacks, and more.

The first one is tracked as CVE-2024-27198, and carries a severity score of 9.8, making it critical. It is described as an authentication bypass, allowing remote unauthenticated attackers to fully take over target servers: "Compromising a TeamCity server allows an attacker full control over all TeamCity projects, builds, agents and artifacts, and as such is a suitable vector to position an attacker to perform a supply chain attack," the researchers warned.

Defending against Russian and North Korean state-sponsored threat actors

The second flaw is tracked as CVE-2024-27199, and carries a severity score of 7.3. This authentication bypass flaw can be used to mount DDoS attacks against the TeamCity server, as well as adversary-in-the-middle attacks. 

"This authentication bypass allows for a limited number of authenticated endpoints to be reached without authentication," Rapid7 said. “An unauthenticated attacker can leverage this vulnerability to both modify a limited number of system settings on the server, as well as disclose a limited amount of sensitive information from the server."

All versions up to 2023.11.3 were said to be vulnerable. JetBrains released a patch earlier this month, and urged all users to upgrade their software to version 2023.11.4. 

According to The Hacker News, JetBrains TeamCity users have become a popular target among North Korean and Russian threat actors, which is why the company urged them to apply the patch without delay. 

More from TechRadar Pro

View the full article

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...