The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw affecting JetBrains TeamCity On-Premises software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, tracked as CVE-2024-27198 (CVSS Score: 9.8), relates to an authentication bypass bug that allows a susceptible server to be completely compromised by an unauthenticated, remote attacker.
The issue was patched by JetBrains earlier this week alongside CVE-2024-27199 (CVSS score: 7.3), a second, moderate-severity authentication bypass flaw that permits a “limited amount” of information disclosure and system modification.
“The vulnerabilities could allow an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication controls and gain administrative control of that TeamCity server,” the company noted at the time.
Threat actors have been observed weaponizing the two flaws to deploy Jasmin ransomware and to create hundreds of rogue user accounts, according to CrowdStrike and LeakIX. The Shadowserver Foundation said it has detected exploitation attempts since March 4, 2024.
Statistics shared by GreyNoise show that CVE-2024-27198 was widely exploited by over a dozen unique IP addresses shortly after the flaw was publicly disclosed.
In light of the active exploitation, users of on-premises versions of the software are advised to apply the updates as soon as possible to mitigate potential threats. Federal agencies are required to update their installations by March 28, 2024.