11. 03. 2024 Mirko Ioris SOCnews

SOC News | Mar 11 – JetBrains TeamCity Authentication Bypass Vulnerabilities

On March 4, 2024, JetBrains released TeamCity version 2023.11.4, which patches two authentication bypass vulnerabilities in the web component of TeamCity. These vulnerabilities were discovered in February by Rapid7’s vulnerability research team and allow a remote unauthenticated attacker to perform a complete compromise of a vulnerable TeamCity installation, including unauthenticated RCE (remote code execution).

CVE NumberCVSS ScoreEPSS Score
CVE-2024-271989.8 (Critical)97% (Critical)
CVE-2024-271997.3 (High)0% (Low)
Details of the vulnerabilities

The vulnerabilities affect all TeamCity On-Premises versions through 2023.11.3 and have been fixed in version 2023.11.4. All users are encouraged to update their servers to the latest version, especially because Rapid7 has disclosed all details related to the vulnerabilities, and threat actors are already exploiting them.

The JetBrains team also released security patch plugins to allow users who cannot update the server to patch their environment:

These Solutions are Engineered by Humans

Did you learn from this article? Perhaps you’re already familiar with some of the techniques above? If you find cybersecurity issues interesting, maybe you could start in a cybersecurity or similar position here at Würth Phoenix.

Mirko Ioris

Mirko Ioris

Technical Consultant - Cyber Security Team | Würth Phoenix


Mirko Ioris

Technical Consultant - Cyber Security Team | Würth Phoenix

Leave a Reply

Your email address will not be published. Required fields are marked *