CISA Highlights Active Exploitation of JetBrains TeamCity Software Vulnerability

March 8, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about an actively exploited security flaw in the JetBrains TeamCity On-Premises software. The vulnerability, tracked as CVE-2024-27198, is an authentication bypass bug that could lead to a full server compromise by an unauthenticated remote attacker. JetBrains addressed this issue along with another authentication bypass flaw, CVE-2024-27199, earlier this week. These vulnerabilities have been exploited by unidentified threat actors to deliver Jasmin ransomware and create hundreds of rogue user accounts. The Shadowserver Foundation reported exploitation attempts beginning on March 4, 2024. GreyNoise statistics indicate that CVE-2024-27198 has been widely exploited by over a dozen unique IP addresses following its public disclosure. Users of on-premises versions of the software are advised to apply the necessary updates immediately to prevent potential threats. Federal agencies are required to patch their instances by March 28, 2024.
