"CISA Warns on JetBrains TeamCity Flaw That Could Allow Hackers to Generate Admin Accounts"
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a JetBrains vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, noting evidence of active exploitation. The flaw is a critical authentication bypass in the TeamCity On-Premises software that enables unauthenticated attackers to completely take over target servers. It is tracked as CVE-2024-27198 and has a severity score of 9.8. According to the Rapid7 security researchers who discovered the vulnerability and reported it to JetBrains earlier this month, compromising a TeamCity server gives an attacker complete control over all TeamCity projects, builds, agents, and artifacts, making it a major vector for a supply chain attack. This article continues to discuss the potential exploitation and impact of the JetBrains TeamCity flaw.
Submitted by grigby1