On March 4, 2024, JetBrains released TeamCity version 2023.11.4, which patches two authentication bypass vulnerabilities in the web component of TeamCity. These vulnerabilities were discovered in February by Rapid7’s vulnerability research team and allow a remote unauthenticated attacker to perform a complete compromise of a vulnerable TeamCity installation, including unauthenticated RCE (remote code execution).
CVE Number
CVSS Score
EPSS Score
CVE-2024-27198
9.8 (Critical)
97% (Critical)
CVE-2024-27199
7.3 (High)
0% (Low)
Details of the vulnerabilities
The vulnerabilities affect all TeamCity On-Premises versions through 2023.11.3 and have been fixed in version 2023.11.4. All users are encouraged to update their servers to the latest version, especially because Rapid7 has disclosed all details related to the vulnerabilities, and threat actors are already exploiting them.
The JetBrains team also released security patch plugins to allow users who cannot update the server to patch their environment:
Did you learn from this article? Perhaps you’re already familiar with some of the techniques above? If you find cybersecurity issues interesting, maybe you could start in a cybersecurity or similar position here at Würth Phoenix.
During the last week of April, our Attacker Centric SOC detected multiple new cyber attacker group websites in the Dark Web. Called Dedicated Leak Sites (DLS), they are widely used by ransomware gangs to publish stolen confidential data when the victim Read More
Cisco Talos identified a previously unknown state-sponsored actor behind ArcaneDoor, a sophisticated cyber espionage campaign targeting the perimeter network devices of several vendors. This actor is now tracked as UAT4356 by Talos and STORM-1849 by the Microsoft Threat Intelligence Center. The Read More
Using our CTI SATAYO platform, we identified an artifact belonging to AMMEGA's data breach. AMMEGA is a multinational manufacturing company based in the Netherlands with revenues of $1.2 billion. It was the victim of an attack carried out by the Read More
On March 25, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The catalog is updated regularly and contains those vulnerabilities most likely to be used in attacks. Organizations should monitor Read More
On February 8, 2024, Fortinet disclosed 2 critical vulnerabilities which could allow remote code or command execution. The vulnerabilities are as follows: FortiOS - Format String Bug in fgfmd, with CVSS severity 9.8 The versions prone to this vulnerability are: Read More