On March 4, 2024, JetBrains released TeamCity version 2023.11.4, which patches two authentication bypass vulnerabilities in the web component of TeamCity. These vulnerabilities were discovered in February by Rapid7’s vulnerability research team and allow a remote unauthenticated attacker to perform a complete compromise of a vulnerable TeamCity installation, including unauthenticated RCE (remote code execution).
| CVE Number | CVSS Score | EPSS Score |
| --- | --- | --- |
| CVE-2024-27198 | 9.8 (Critical) | 97% (Critical) |
| CVE-2024-27199 | 7.3 (High) | 0% (Low) |
Details of the vulnerabilities
The vulnerabilities affect all TeamCity On-Premises versions through 2023.11.3 and have been fixed in version 2023.11.4. All users are encouraged to update their servers to the latest version, especially because Rapid7 has disclosed all details related to the vulnerabilities, and threat actors are already exploiting them.
The JetBrains team also released security patch plugins to allow users who cannot update the server to patch their environment: