America’s cyber defense agency CISA is warning of a critical vulnerability that allows bypass authentication and the ability to perform admin actions on JetBrains TeamCity.
JetBrains’ software tools are widely used in software development across various industries, both by startups and large enterprises. TeamCity is a build management and continuous integration server from JetBrains.
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a JetBrains TeamCity Authentication Bypass Vulnerability – with a 9.8 out of 10 severity score – to its catalog and the National Vulnerability Database by NIST.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA warns.
CISA is urging organizations to review the following JetBrains blog post and apply the necessary updates.
JetBrains released a TeamCity update, including a fix for this critical security vulnerability, and is urging users to install it. The company disclosed that the vulnerability was reported by the Rapid7 team and doesn’t share any additional details on security-related issues to avoid compromising clients still using previous versions of the vulnerable software.
“Compromising a TeamCity server allows an attacker [take] full control over all TeamCity projects, builds, agents and artifacts, and as such is a suitable vector to position an attacker to perform a supply chain attack,” Rapid7 said.
https://twitter.com/Shadowserver/status/1764960110659478012
The update also patches another high-risk vulnerability that allows malicious actors to perform limited admin actions by enabling to bypass authentication checks on the TeamCity server.
“An attacker could perform a denial of service against the TeamCity server by either changing the HTTPS port number to a value not expected by clients, or by uploading a certificate that will fail client side validation. Alternatively, an attacker with a suitable position on the network may be able to perform either eavesdropping or a man-in-the-middle attack on client connections, if the certificate the attacker uploads (and has a private key for) will be trusted by the clients,” Rapid7 warned.
Your email address will not be published. Required fields are markedmarked