Critical TeamCity Bugs Endanger Software Supply Chain

Published: 23/11/2024   Category: security




Customers should immediately patch critical vulnerabilities in on-prem deployments of the CI/CD pipeline tool JetBrains TeamCity that could allow threat actors to gain admin control over servers.



Cloud versions of the JetBrains TeamCity software development platform manager have already been updated against a new pair of critical vulnerabilities, but on-premises deployments need immediate patching, a security advisory from the vendor warned this week.
This is the second round of critical TeamCity vulnerabilities in the past two months. The ramifications could be wide: the company's software development lifecycle (SDLC) platform is used across 30,000 organizations, including Citibank, Nike, and Ferrari.
The TeamCity tool manages the software development CI/CD pipeline, which is the process by which code is built, tested, and deployed. The new vulnerabilities, tracked under CVE-2024-27198 and CVE-2024-27199, could allow threat actors to bypass authentication and gain admin control of the victim's TeamCity server, according to a blog post from TeamCity.
The flaws were found and reported by Rapid7 in February, the company added. "The Rapid7 team is poised to release full technical details imminently, making it imperative for teams running TeamCity on-premises versions through 2023.11.3 to get their systems patched before threat actors catch on to the opportunity," the company advised.
In addition to releasing an updated TeamCity version, 2023.11.4, the vendor offered a security patch plugin for teams unable to upgrade quickly.
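The advisory gives defenders one concrete fact to act on: every on-premises release through 2023.11.3 is affected, and 2023.11.4 (or the vendor's patch plugin) is the fix. The following is an added example, not code from the article or from JetBrains, that turns that statement into an inventory check: it parses TeamCity version strings as they appear in the server's own "About" page (for example "2023.11.3 (build 12345)"), compares them against the last affected release, and flags hosts that still need patching. The host names, the build numbers and the inventory dictionary are constructed sample data; a real run would feed it the versions collected from your own servers.

```python
import re
from dataclasses import dataclass

# From the vendor advisory quoted above: releases through 2023.11.3 are affected
# by CVE-2024-27198 / CVE-2024-27199; 2023.11.4 contains the fix.
LAST_AFFECTED = (2023, 11, 3)
FIXED_VERSION = "2023.11.4"

# TeamCity reports versions as YEAR.MINOR[.PATCH], optionally followed by a build number.
_VERSION_RE = re.compile(
    r"^\s*(\d{4})\.(\d{1,2})(?:\.(\d+))?(?:\s*\(build\s+\d+\))?",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Assessment:
    host: str
    version: str
    affected: bool
    action: str


def parse_version(text):
    """Return (year, minor, patch) for a TeamCity version string; patch defaults to 0."""
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised TeamCity version string: {text!r}")
    year, minor, patch = int(match.group(1)), int(match.group(2)), int(match.group(3) or 0)
    return (year, minor, patch)


def is_affected(version_text):
    """True when the version is 2023.11.3 or older, i.e. inside the advisory's affected range."""
    return parse_version(version_text) <= LAST_AFFECTED


def assess(inventory):
    """Assess a {host: version_string} inventory; unparseable versions are treated as affected
    so that they surface for manual review rather than silently passing."""
    results = []
    for host, version in inventory.items():
        try:
            affected = is_affected(version)
        except ValueError:
            results.append(Assessment(host, version, True, "unparseable version; verify manually"))
            continue
        if affected:
            action = f"upgrade to {FIXED_VERSION} or apply the vendor's security patch plugin"
        else:
            action = "no action needed for CVE-2024-27198 / CVE-2024-27199"
        results.append(Assessment(host, version, affected, action))
    return results


# Constructed sample inventory (hypothetical host names and build numbers).
SAMPLE_INVENTORY = {
    "build-01.example.internal": "2023.11.3 (build 12345)",
    "build-02.example.internal": "2023.11.4 (build 12350)",
    "legacy.example.internal": "2022.10",
    "unknown.example.internal": "n/a",
}

if __name__ == "__main__":
    for item in assess(SAMPLE_INVENTORY):
        status = "AFFECTED" if item.affected else "ok"
        print(f"{item.host:28} {item.version:26} {status:9} {item.action}")
```

The comparison is done on parsed tuples rather than string prefixes, so "2023.11" (no patch component) and older year-based releases such as "2022.10" are correctly reported as affected, while anything newer than 2023.11.3 is not. Hosts whose version cannot be parsed are deliberately reported as affected so they are reviewed rather than ignored.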
The CI/CD environment is fundamental to the software supply chain, making it an attractive attack vector for sophisticated advanced persistent threat (APT) groups.
In late 2023, governments worldwide raised the alarm that the Russian state-backed group APT29 (aka Nobelium, Midnight Blizzard, and Cozy Bear — the threat actor behind the 2020 SolarWinds attack) was actively exploiting a similar vulnerability in JetBrains TeamCity that could likewise allow software supply chain cyberattacks.
"The ability of an unauthenticated attacker to bypass authentication checks and gain administrative control poses a significant risk not only to the immediate environment but also to the integrity and security of the software being developed and deployed through such compromised CI/CD pipelines," Ryan Smith, head of product for Deepfence, said in a statement.
Smith added that the data shows a notable uptick in both the volume and the complexity of software supply chain cyberattacks in general.
"The recent JetBrains incident serves as a stark reminder of the criticality of prompt vulnerability management and proactive threat detection strategies," Smith said. "By fostering a culture of agility and resilience, organizations can enhance their ability to thwart emerging threats and safeguard their digital assets effectively."
