Dive Brief:
- Security researchers are warning about two new authentication bypass vulnerabilities in the on-premises version of JetBrains TeamCity, including a critical flaw that can enable a remote, unauthenticated attacker to take control of a vulnerable server.
- In a blog post released Sunday, JetBrains urged customers to upgrade their servers to the latest version or apply a security patch. However, Rapid7, which discovered the vulnerabilities and reported them to JetBrains, criticized the software firm for releasing the fixed version without coordinating the disclosure with the researchers.
- Researchers at Shadowserver warned Tuesday that they are beginning to see exploitation activity targeting the more severe of the two vulnerabilities, CVE-2024-27198, which carries a CVSS score of 9.8.
Dive Insight:
Rapid7 said the vulnerabilities are not related to the critical TeamCity flaws disclosed in recent months. However, researchers took note of repeated exploitation attempts against the CI/CD server.
“These vulnerabilities are not directly related to previous security issues in TeamCity, but the product has been a popular target recently for a range of attackers, including state-sponsored groups,” Caitlin Condon, director of vulnerability intelligence at Rapid7, said via email.
The vulnerabilities affect all TeamCity On-Premises versions up to and including 2023.11.3, according to JetBrains.
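A practical follow-up to that version boundary is an inventory check: given the version string each TeamCity server reports, flag every server at or below 2023.11.3. The script below is an added example for this page, not code from JetBrains or Rapid7. It assumes TeamCity exposes server metadata at /app/rest/server as XML whose root `<server>` element carries a `version` attribute in the form "2023.11.3 (build NNNNNN)"; the XML body, hostnames and build numbers below are constructed samples, not captured data. Versions are compared numerically, because a plain string comparison sorts "2023.9" after "2023.11".

```python
"""Flag TeamCity On-Premises servers whose reported version falls in the range
JetBrains described as affected (all versions up to and including 2023.11.3).

Added example for this article, not JetBrains' or Rapid7's code.
Assumption: /app/rest/server returns XML whose root <server> element has a
`version` attribute such as "2023.11.3 (build 100003)". SAMPLE_XML and
SAMPLE_INVENTORY are constructed for illustration.
"""
import re
import xml.etree.ElementTree as ET

# Upper bound of the affected range stated by JetBrains.
LAST_AFFECTED = (2023, 11, 3)

# Leading major.minor[.patch]; any trailing " (build NNNNNN)" is ignored.
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """'2023.11.3 (build 100003)' -> (2023, 11, 3); '2024.03' -> (2024, 3, 0)."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognized TeamCity version string: {text!r}")
    major, minor, patch = m.groups()
    # int() strips the leading zero TeamCity uses in minors like "05" or "03".
    return (int(major), int(minor), int(patch or 0))


def is_affected(version):
    """True when the version is at or before 2023.11.3 (numeric tuple compare)."""
    return parse_version(version) <= LAST_AFFECTED


def version_from_server_xml(xml_text):
    """Extract the version attribute from an /app/rest/server XML body."""
    root = ET.fromstring(xml_text)
    if root.tag != "server" or "version" not in root.attrib:
        raise ValueError("response does not look like a TeamCity server descriptor")
    return root.attrib["version"]


def affected_hosts(inventory):
    """Return the hostnames in {host: version_string} that fall in the affected
    range, sorted for stable output."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed sample of an /app/rest/server body (attributes trimmed).
SAMPLE_XML = (
    '<server version="2023.11.3 (build 100003)" versionMajor="2023" '
    'versionMinor="11" buildNumber="100003" role="main_node" '
    'webUrl="https://teamcity.example.internal"/>'
)

# Constructed inventory: hostname -> version string reported by each server.
SAMPLE_INVENTORY = {
    "ci-old.example.internal": "2023.05.4 (build 100001)",          # affected
    "ci-main.example.internal": version_from_server_xml(SAMPLE_XML),  # affected: exactly 2023.11.3
    "ci-new.example.internal": "2023.11.4 (build 100004)",          # past the affected range
    "ci-eap.example.internal": "2024.03",                           # past the affected range
}

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: version {SAMPLE_INVENTORY[host]} is in the affected range")
```

Two caveats when using a check like this. A server fixed with the security patch JetBrains offered, rather than upgraded, keeps its pre-patch version string, so a version-only check will still flag it; treat the output as a list to verify, not a final answer. Conversely, a server in the affected range is evidence of exposure, not of compromise, though the exploitation activity Shadowserver reports is a reason to review such servers rather than only patch them.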
The coordination dispute centers on JetBrains releasing the fixed version before Rapid7 could publish its research. Rapid7 has previously raised concerns about the practice of issuing “silent patches,” in which a vendor ships a fix without disclosing the vulnerability it addresses.
JetBrains published a blog post Tuesday explaining that it wanted to give customers a head start on patching vulnerable servers, and said it never intended to withhold the full details from the public.
The vulnerabilities mark the latest in a series of security issues facing JetBrains TeamCity.
In early February, the company warned of a critical vulnerability, listed as CVE-2024-23917, in the on-premises version of TeamCity.
In December, U.S. authorities warned that hackers linked to Russia’s Foreign Intelligence Service (SVR) were exploiting a critical TeamCity vulnerability, gaining access that could be used to launch supply chain attacks.
That threat group, known as Midnight Blizzard, was linked to the 2020 Sunburst attacks, which impacted users of the SolarWinds Orion platform.
Correction: The story has been updated to reflect JetBrains released the security updates before security researchers published a report on the vulnerability. The company was previously misidentified.