JetBrains Affirms Reported Exploitation of TeamCity Servers While Advocating Transparency Policies

Rapid7 researchers are at odds with the company, challenging the timing and depth of its disclosure of severe security flaws.


TeamCity, JetBrains' continuous integration server product, has been the focus of recent cybersecurity concerns due to the ongoing exploitation of two authentication bypass vulnerabilities, CVE-2024-27198 and CVE-2024-27199.

JetBrains notified customers about these vulnerabilities earlier this month. It is important to note, however, that no publicly available information or documented controversy specifically involving JetBrains and cybersecurity firm Rapid7 over TeamCity vulnerabilities has been identified.

Researchers at GuidePoint have reported that the threat group BianLian is exploiting both CVE-2024-27198 and CVE-2023-42793. They claim that the group used CVE-2024-27198 for initial access into a vulnerable TeamCity server.

In response to these findings, JetBrains published a blog post on Monday discussing reported exploitation activity linked to the critical vulnerabilities in the on-premises version of TeamCity. On March 4, the company also released an updated version of TeamCity, along with a security patch for customers who could not upgrade to the latest build.

Meanwhile, Rapid7 stands by its disclosure policies, as stated in an email on Monday. However, the firm criticized JetBrains for releasing the patch without proper coordination with Rapid7.

As of March 6, Shadowserver reported 1,182 instances possibly vulnerable to CVE-2024-27198. This number underscores the importance of prompt patching and updating for TeamCity servers to protect against these vulnerabilities.

The Cybersecurity and Infrastructure Security Agency (CISA) has also urged organizations to review JetBrains' mitigation guidance and apply security upgrades. Furthermore, CISA added CVE-2024-27198 to its Known Exploited Vulnerabilities catalog, highlighting the severity of the issue.

Multiple customers have reported their servers being compromised due to not being able to patch or update in time. This serves as a reminder for all organizations using TeamCity to prioritize security updates and stay vigilant against potential threats.

In conclusion, the ongoing exploitation of TeamCity vulnerabilities, specifically CVE-2024-27198, poses a significant risk to organizations. It's crucial for TeamCity users to apply security upgrades and patches promptly to protect their systems. Keeping a close eye on official JetBrains security advisories, Rapid7 vulnerability disclosures, and trusted cybersecurity news outlets can help them stay informed about the latest developments in this evolving situation.

  1. The ongoing exploitation of TeamCity vulnerabilities, such as CVE-2024-27198, highlights the critical role cybersecurity plays in protecting technology, as the failure to update can potentially lead to system compromise.
  2. Despite JetBrains' notification of the TeamCity vulnerabilities to customers earlier this month, recent findings by GuidePoint and Rapid7 show that cybercriminals, like BianLian, are still exploiting these vulnerabilities, causing concern for cybersecurity professionals.
  3. JetBrains' handling of the TeamCity vulnerabilities, particularly its patch release and interactions with Rapid7, has sparked debate within the cybersecurity community, emphasizing the importance of proper coordination and collaboration in handling such matters to ensure optimal cybersecurity practices.
