JetBrains TeamCity (jetbrains.com) #software #jetbrains #vuln #threats #informatique [ https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/ ]

• CVE-2024-27198 CVSS v3 9.8)
• CVE-2024-27199 CVSS v3 7.3)

ⓘ LeakIX (leakix.net) added detection for compromised #TeamCity instances ( LeakIX )

📌 « The situation involving two (2) TeamCity vulnerabilities, CVE-2024-27198 & CVE-2024-27199, continues to unfold. Before noting anything else, we should state that dealing with this should be a highest-priority matter for users of the company’ s on-premises CI/CD dev platform – as in, now. » ( [Sophos X-Ops][https://infosec.exchange/@SophosXOps/112051642951259188) )