TeamCity Authentication Bypass (CVE-2024-27198)
Description
JetBrains TeamCity contains a critical authentication bypass vulnerability (CVE-2024-27198) that allows remote attackers to circumvent authentication controls using specially crafted HTTP requests. This vulnerability affects the web interface and enables unauthorized access to the TeamCity server without requiring valid credentials. Successful exploitation grants attackers full administrative privileges to the system.
Remediation
Immediately upgrade TeamCity to the latest patched version that addresses CVE-2024-27198. JetBrains has released security updates for affected versions. Follow these steps:
1. Review the JetBrains security advisory to identify the appropriate patched version for your installation
2. Back up your TeamCity configuration and data before upgrading
3. Apply the security update following JetBrains' upgrade documentation
4. After upgrading, review system logs for any suspicious authentication attempts or unauthorized access that may have occurred prior to patching
5. Rotate all credentials, API tokens, and secrets stored in TeamCity as a precautionary measure
6. If immediate patching is not possible, restrict network access to the TeamCity server to trusted IP addresses only as a temporary mitigation