"CISA Warns on JetBrains TeamCity Flaw That Could Allow Hackers to Generate Admin Accounts"

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a JetBrains vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The flaw is a critical authentication bypass in the TeamCity On-Premises software that enables unauthenticated attackers to completely take over target servers. It is tracked as CVE-2024-27198 and has a severity score of 9.8. According to Rapid7 security researchers, who discovered the vulnerability and reported it to JetBrains earlier this month, compromising a TeamCity server gives an attacker complete control over all TeamCity projects, builds, agents, and artifacts, making such a compromise a major vector for a supply chain attack. This article continues to discuss the potential exploitation and impact of the JetBrains TeamCity flaw.

TechRadar reports "CISA Warns on JetBrains TeamCity Flaw That Could Allow Hackers to Generate Admin Accounts"

Submitted by grigby1

Submitted by Gregory Rigby on