JetBrains TeamCity Vulnerabilities

Try in Splunk Security Cloud

Description

This story provides a high-level overview of JetBrains TeamCity vulnerabilities and how to detect and respond to them using Splunk.

• Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud
• Datamodel: Web
• Last Updated: 2024-03-04
• Author: Michael Haag, Splunk
• ID: 3cd841e8-2f64-45e8-b148-7767255db111

Narrative

JetBrains TeamCity is a continuous integration and deployment server that allows developers to automate the process of building, testing, and deploying code. It is a popular tool used by many organizations to streamline their development and deployment processes. However, like any software, JetBrains TeamCity is not immune to vulnerabilities.

Detections

Name	Technique	Type
JetBrains TeamCity Authentication Bypass CVE-2024-27198	Exploit Public-Facing Application	TTP
JetBrains TeamCity Authentication Bypass Suricata CVE-2024-27198	Exploit Public-Facing Application	TTP
JetBrains TeamCity Limited Auth Bypass Suricata CVE-2024-27199	Exploit Public-Facing Application	TTP
JetBrains TeamCity RCE Attempt	Exploit Public-Facing Application	TTP

Reference

• https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/
• https://blog.jetbrains.com/teamcity/2024/03/teamcity-2023-11-4-is-out/
• https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/

source | version: 1