JetBrains TeamCity Authentication Bypass Vulnerabilities
What are the Vulnerabilities? | Two new vulnerabilities affecting the JetBrains TeamCity CI/CD server have been identified and tagged as CVE-2024-27198 and CVE-2024-27199. The more severe of the two, CVE-2024-27198, allows a remote unauthenticated attacker to completely compromise a vulnerable TeamCity server and has been added to CISA's Known Exploited Vulnerabilities catalog. |
What is the Vendor Solution? | On March 3, 2024, JetBrains released TeamCity 2023.11.4 to fix both CVE-2024-27198 and CVE-2024-27199. |
What FortiGuard Coverage is available? | FortiGuard Labs has provided protection via the IPS signature "JetBrains.TeamCity.BaseController.Authentication.Bypass" to detect and block attack attempts targeting CVE-2024-27198. It has also released endpoint vulnerability signatures for CVE-2024-27198 and CVE-2024-27199, which can help detect vulnerable systems and auto-patch where applicable, and has blocked all the known indicators of compromise (IoCs). |
Outbreak Alert
FortiGuard’s global sensor network reports consistently high levels of attack attempts targeting vulnerabilities associated with Earth Lamia APT campaigns. According to Trend Research, the hacking group known as Earth Lamia has been actively targeting a range of sectors, including finance, government, IT, logistics, retail, and education, shifting its focus based on evolving objectives and time periods. The group is known for its high level of activity and primarily exploits known vulnerabilities in public-facing systems and web applications to gain access.