BI.ZONE WAF addresses two critical vulnerabilities in JetBrains TeamCity software
Two vulnerabilities affecting TeamCity, a continuous integration server and build management tool by JetBrains, were identified by security researchers in late February. The vulnerabilities affect all TeamCity On-Premises versions through 2023.11.3. JetBrains has fixed the issue in version 2023.11.4.
CVE-2024-27198: 9.8 out of 10 points on the CVSS scale
This is an authentication bypass vulnerability that allows adversaries to create a new user with admin privileges. It may result in a complete loss of control over a vulnerable TeamCity environment.
CVE-2024-27199: 7.3 out of 10 points on the CVSS scale
This vulnerability arises from a path traversal issue that enables unauthenticated attackers to access specific TeamCity configuration files. Thus, the attackers can learn about the victim organization’s projects and their statuses and access other critical information.
To avoid the risk of compromise, companies must update TeamCity. If for some reason they cannot do so quickly, BI.ZONE WAF can protect them. The new defense rules inspect the parameters passed in HTTP requests. If anomalies are detected in an HTTP request, BI.ZONE WAF blocks it automatically. Protection against CVE-2024-27199 is provided by a classic rule for repelling path traversal attacks.
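As an added illustration of what a "classic" path traversal rule has to handle, the following Python is not BI.ZONE's rule and not part of the original announcement. It decodes a request target a bounded number of times, unifies slash variants, and flags any resulting path segment that begins with "..". The sample request targets are constructed for the example and are not real TeamCity paths or captured traffic.

```python
"""Added illustration of a generic path-traversal request check (not BI.ZONE's rule)."""
from urllib.parse import unquote

MAX_DECODE_PASSES = 3  # bounded so nested encodings like %252e cannot cause endless loops


def normalize_path(raw_target: str) -> str:
    """Strip the query string, percent-decode repeatedly (bounded), and unify slashes."""
    path = raw_target.split("?", 1)[0]
    for _ in range(MAX_DECODE_PASSES):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def is_path_traversal(raw_target: str) -> bool:
    """Flag a request whose decoded path contains a segment beginning with '..'.

    Matching on decoded segments (rather than the literal substring '../') also
    catches percent-encoded and backslash variants of the same dot-dot segment,
    while a file name that merely contains two dots is left alone.
    """
    segments = normalize_path(raw_target).split("/")
    return any(seg.startswith("..") for seg in segments)


# Constructed sample request targets (not real traffic); the last one is benign.
SAMPLE_TARGETS = [
    "/app/rest/server?locator=id:1",
    "/static/../../conf/settings.xml",
    "/static/..%2f..%2fconf/settings.xml",
    "/static/%252e%252e/conf/settings.xml",
    "/static/..\\..\\conf\\settings.xml",
    "/files/report..pdf",
]


def triage(targets):
    """Return {target: 'block' | 'allow'} for each request target."""
    return {t: ("block" if is_path_traversal(t) else "allow") for t in targets}


def count_blocked(targets) -> int:
    """Number of sample targets the rule would block."""
    return sum(1 for d in triage(targets).values() if d == "block")


if __name__ == "__main__":
    for target, decision in triage(SAMPLE_TARGETS).items():
        print(f"{decision:5s} {target}")
```

The bounded decode loop is the important design choice: a single decode pass misses double-encoded dots, while an unbounded one is a denial-of-service risk for the filter itself. A production WAF rule would additionally normalize the path the same way the protected application does, since any mismatch between the two normalizations is exactly where bypasses live.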
In addition, the BI.ZONE security assessment team has designed new rules for the BI.ZONE CPT service. They allow the scanner to detect vulnerable TeamCity versions installed on client systems.
BI.ZONE WAF provides multilayer protection of web applications and APIs, counteracts bot activity, and identifies vulnerabilities. The service can be used to protect web applications of critical information infrastructure facilities, government databases, and personal data systems.