JetBrains TeamCity Authentication Bypass Vulnerabilities (CVE-2024-27198, CVE-2024-27199)


What are the Vulnerabilities? Two new vulnerabilities affecting JetBrains TeamCity CI/CD server have been identified and tagged as CVE-2024-27198 and CVE-2024-27199. The most severe of the two, CVE-2024-27198, has been added to CISA's known exploited catalog which allows for a complete compromise of a vulnerable TeamCity server by a remote unauthenticated attacker.
What is the Vendor Solution? On March 3, 2024, JetBrains released TeamCity 2023.11.4 to fix both CVE-2024-27198 and CVE-2024-27199. [ Link ]
What FortiGuard Coverage is available? FortiGuard Labs has provided protection via IPS signature "JetBrains.TeamCity.BaseController.Authentication.Bypass" to detect and block attack attempts targeting CVE-2024-27198 and has also released endpoint vulnerability signatures for CVE-2024-27198 and CVE-2024-27199, which can help detect vulnerable systems and auto-patch where applicable and has blocked all the known indicators of compromise (IoCs).
FortiGuard Labs recommends companies to review the vendor's advisory.