Skip to main content
close search
site logo
Dive Brief

JetBrains TeamCity a ripe attack target as more vulnerabilities emerge

Despite available security fixes, Rapid7 researchers raised concerns about JetBrains’ lack of coordination in vulnerability disclosure.

Published March 5, 2024 Updated March 6, 2024
David Jones's headshot
Reporter
CFOs play a key role in advocating for preventative cybersecurity actions that help reduce the cost of cyber risks.
Getty Images via Getty Images

Dive Brief:

  • Security researchers are warning about two new authentication bypass vulnerabilities in the on-premises version of JetBrains TeamCity, including a critical flaw that can enable a remote, unauthenticated attacker to take control of a vulnerable server. 
  • JetBrains urged customers to upgrade their servers to the latest version or apply a security patch, in a blog post released Sunday. However, Rapid7, which discovered the vulnerabilities and reported them to JetBrains, criticized the software firm for releasing the fixed version without proper coordination. 
  • Researchers at Shadowserver warned Tuesday they are beginning to see exploitation activity surrounding the most critical vulnerability, CVE-2024-27198, which has a CVSS score of 9.8.

Dive Insight:

Rapid7 said the vulnerabilities are not related to any of the critical flaws disclosed in recent months. However, researchers took note of repeated exploitation attempts against the software development platform. 

These vulnerabilities are not directly related to previous security issues in TeamCity, but the product has been a popular target recently for a range of attackers, including state-sponsored groups,” Caitlin Condon, director of vulnerability intelligence at Rapid7, said via email. 

The vulnerabilities impact TeamCity On-Premises versions leading up to 2023.11.3, according to JetBrains. 

The coordination dispute centers around the issue of TeamCity releasing security updates before Rapid7 was able to release its vulnerability research. Rapid7 has previously raised concerns about the practice of issuing “silent patches.” 

JetBrains released a blog Tuesday explaining its desire to give customers an opportunity to fix vulnerable applications early, but the company said it never intended to withhold the full details from the public. 

The vulnerabilities mark the latest in a series of security issues facing JetBrains TeamCity.

In early February, the company warned of a critical vulnerability, listed as CVE-2024-23917, in the on-premises version of TeamCity.

In December, U.S. authorities warned about hackers linked to the Russian Foreign Intelligence Service exploiting a critical vulnerability in TeamCity to launch potential supply chain attacks.

That threat group, known as Midnight Blizzard, was linked to the 2020 Sunburst attacks, which impacted users of the SolarWinds Orion platform.

Correction: The story has been updated to reflect JetBrains released the security updates before security researchers published a report on the vulnerability. The company was previously misidentified.

 

Filed Under: Vulnerability

Editors' picks

Company Announcements

View all | Post a press release
CUSO Financial Services, LP Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
DigiCert Welcomes Lakshmi Hanspal as New Chief Trust Officer
From DigiCert
October 24, 2024
Clay Platte Family Medicine Data Breach Investigation
From Migliaccio and Rathod LLP
October 21, 2024
Mystic Valley Elder Services Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
Editors' picks
Latest in Vulnerability
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell