Critical Vulnerabilities in TeamCity Pose Threat to Software Supply Chain

March 4, 2024

Critical vulnerabilities have been discovered in the CI/CD pipeline tool, JetBrains TeamCity, which could potentially allow cyber criminals to gain administrative control over servers. The cloud versions of this software development platform manager have already been secured against these vulnerabilities, but on-premises deployments are in urgent need of patching, as per the security advisory issued by the vendor this week.

This is not the first time that critical vulnerabilities have been found in TeamCity; similar issues were reported two months ago. The potential impact of these vulnerabilities is significant, considering that JetBrains' software development lifecycle (SDLC) platform is utilized by around 30,000 organizations, including prominent companies like Citibank, Nike, and Ferrari. TeamCity plays a crucial role in managing the software development CI/CD pipeline, which involves the building, testing, and deployment of code.

The newly discovered vulnerabilities, identified as CVE-2024-27198 and CVE-2024-27199, could enable threat actors to bypass authentication and gain administrative control of a victim's TeamCity server, as stated in a blog post by TeamCity. These vulnerabilities were discovered and reported by Rapid7 in February. The technical details of these flaws are expected to be released soon by the Rapid7 team, making it essential for teams using on-premises versions of TeamCity through 2023.11.3 to patch their systems promptly.

The vendor has released an updated version of TeamCity, 2023-11.4, and also provides a security patch plugin for teams that may not be able to upgrade quickly. The CI/CD environment is a crucial component of the software supply chain and hence, is a prime target for advanced persistent threat (APT) groups. In late 2023, several governments issued warnings about the Russian state-backed group APT29, also known as Nobelium, Midnight Blizzard, and Cozy Bear, exploiting a similar vulnerability in JetBrains TeamCity to carry out software supply chain cyberattacks.

Ryan Smith, head of product for Deepfence, stated, 'The ability of an unauthenticated attacker to bypass authentication checks and gain administrative control poses a significant risk not only to the immediate environment but also to the integrity and security of the software being developed and deployed through such compromised CI/CD pipelines.' Smith also noted a significant increase in the frequency and complexity of software supply chain cyberattacks. He stressed the importance of prompt vulnerability management and proactive threat detection strategies, suggesting that organizations can enhance their ability to counter emerging threats and protect their digital assets effectively by fostering a culture of agility and resilience.

Latest News

• Phobos Ransomware Targets U.S. Critical Infrastructure: Government Agencies Issue Warning
• North Korean Lazarus Group Exploited Windows Kernel Bug as Zero-Day for Six Months
• U.S. Judge Orders NSO Group to Disclose Pegasus Spyware Source Code to Meta
• CISA Issues Alert on Microsoft Streaming Bug Exploited in Malware Attacks
• Five Eyes Intelligence Alliance Issues Warning on Ivanti Gateway Vulnerabilities