11. 03. 2024 Mirko Ioris SOCnews

SOC News | Mar 11 – JetBrains TeamCity Authentication Bypass Vulnerabilities

On March 4, 2024, JetBrains released TeamCity version 2023.11.4, which patches two authentication bypass vulnerabilities in the web component of TeamCity. These vulnerabilities were discovered in February by Rapid7’s vulnerability research team and allow a remote unauthenticated attacker to perform a complete compromise of a vulnerable TeamCity installation, including unauthenticated RCE (remote code execution).

CVE NumberCVSS ScoreEPSS Score
CVE-2024-271989.8 (Critical)97% (Critical)
CVE-2024-271997.3 (High)0% (Low)
Details of the vulnerabilities

The vulnerabilities affect all TeamCity On-Premises versions through 2023.11.3 and have been fixed in version 2023.11.4. All users are encouraged to update their servers to the latest version, especially because Rapid7 has disclosed all details related to the vulnerabilities, and threat actors are already exploiting them.

The JetBrains team also released security patch plugins to allow users who cannot update the server to patch their environment:

These Solutions are Engineered by Humans

Did you learn from this article? Perhaps you’re already familiar with some of the techniques above? If you find cybersecurity issues interesting, maybe you could start in a cybersecurity or similar position here at Würth Phoenix.

Mirko Ioris

Mirko Ioris

Technical Consultant - Cyber Security Team | Würth Phoenix

Author

Mirko Ioris

Technical Consultant - Cyber Security Team | Würth Phoenix

Latest posts by Mirko Ioris

24. 04. 2024 SOCnews
SOC News | Apr 24 – Full AMMEGA Data Breach Published
28. 03. 2024 SOCnews
SOC News | Mar 28 – New Vulnerabilities Added to the KEV Catalog
04. 01. 2024 Blue Team, SEC4U
Hacker Group Activities and Cyber Security Concerns | Second Semester 2023
30. 10. 2023 Blue Team, Red Team, SEC4U
Adding SOAR Features to the SOC – Part 1: Vulnerability Management
28. 08. 2023 Blue Team, SEC4U
Hacker Group Activities and Cyber Security Concerns | First Semester 2023
See All

Related Content

Tags: , , , ,

24. 04. 2024 SOCnews

SOC News | Apr 24 – Full AMMEGA Data Breach Published

Using our CTI SATAYO platform, we identified an artifact belonging to AMMEGA's data breach. AMMEGA is a multinational manufacturing company based in the Netherlands with revenues of $1.2 billion. It was the victim of an attack carried out by the Read More
28. 03. 2024 SOCnews

SOC News | Mar 28 – New Vulnerabilities Added to the KEV Catalog

On March 25, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The catalog is updated regularly and contains those vulnerabilities most likely to be used in attacks. Organizations should monitor Read More
09. 02. 2024 SOCnews

SOC News | Feb 07 – FortiOS Critical Vulnerabilities

On February 8, 2024, Fortinet disclosed 2 critical vulnerabilities which could allow remote code or command execution. The vulnerabilities are as follows: FortiOS - Format String Bug in fgfmd, with CVSS severity 9.8 The versions prone to this vulnerability are: Read More
03. 02. 2024 SOCnews

SOC News | Feb 04 – AnyDesk Compromise

Starting February 1st, rumors regarding a possible compromise of AnyDesk began to circulate online. These rumors became more insistent as the contents of the January 29 Release Notes were noted. What initially appeared to be just normal maintenance activity on Read More
20. 12. 2023 Exposure Assessment, SEC4U

EPSS implementation in SATAYO

The Exploit Prediction Scoring System (EPSS) is a data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild , as my colleague Beatrice Dall'Omo has already had the opportunity to talk about in Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive