Reference: Advisory #2024-113
Version: 1.0
Affected software: JetBrains TeamCity before version 2024.07
Type: Insufficient Session Expiration (CWE-613)
CVE/CVSS: CVE-2024-41827: CVSS 7.4 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
JetBrains: https://www.jetbrains.com/privacy-security/issues-fixed/
A high severity vulnerability affecting JetBrains TeamCity allows deleted or expired access tokens to remain functional. This vulnerability is attractive to threat actors, as it affects CI/CD systems, which have access to sensitive codebases and deployment environments. If such a system is compromised, this could heavily impact the supply chain of developers and organisations using TeamCity.
Furthermore, the vulnerability has a high impact on confidentiality and integrity.
CVE-2024-41827 - Insufficient Session Expiration
This vulnerability is due to access tokens in JetBrains TeamCity that continue working after deletion or expiration.
An attacker with a compromised token could:
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
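Because patching does not address historic compromise, one useful retrospective check is to look for requests that succeeded with a token after it had been deleted or had expired. The following is an added example, not part of the CCB advisory or JetBrains code; the token inventory and event records are a constructed, hypothetical schema that you would populate from your own token records and server access logs.

```python
from datetime import datetime

# Constructed token inventory (hypothetical schema): when each token was
# deleted or expired. None means the token is still valid.
TOKENS = {
    "tok-build-01": {"owner": "ci-bot", "invalid_after": "2024-07-10T09:00:00+00:00"},
    "tok-dev-17":   {"owner": "alice",  "invalid_after": "2024-07-15T00:00:00+00:00"},
    "tok-ops-03":   {"owner": "bob",    "invalid_after": None},
}

# Constructed authentication events, normalised from server access logs.
EVENTS = [
    {"ts": "2024-07-09T08:30:00+00:00", "token_id": "tok-build-01", "src": "192.0.2.10", "status": 200},
    {"ts": "2024-07-12T02:14:00+00:00", "token_id": "tok-build-01", "src": "203.0.113.7", "status": 200},
    {"ts": "2024-07-16T11:00:00+00:00", "token_id": "tok-dev-17", "src": "192.0.2.22", "status": 401},
    {"ts": "2024-07-16T11:05:00+00:00", "token_id": "tok-ops-03", "src": "192.0.2.30", "status": 200},
    {"ts": "2024-07-17T23:41:00+00:00", "token_id": "tok-old-99", "src": "203.0.113.7", "status": 200},
]


def find_stale_token_use(tokens, events):
    """Return successful requests made with a deleted, expired or unknown token."""
    findings = []
    for ev in events:
        if not 200 <= ev["status"] < 400:
            continue  # a rejected request is the expected outcome for a dead token
        when = datetime.fromisoformat(ev["ts"])
        tok = tokens.get(ev["token_id"])
        if tok is None:
            # Not in the inventory: possibly deleted and purged, yet still accepted.
            reason = "unknown_token"
        elif tok["invalid_after"] and when > datetime.fromisoformat(tok["invalid_after"]):
            reason = "used_after_invalidation"
        else:
            continue
        findings.append({"ts": ev["ts"], "token_id": ev["token_id"],
                         "src": ev["src"], "reason": reason})
    return sorted(findings, key=lambda f: datetime.fromisoformat(f["ts"]))


if __name__ == "__main__":
    for f in find_stale_token_use(TOKENS, EVENTS):
        print(f["ts"], f["token_id"], f["src"], f["reason"])
```

Any finding is a reason to review what that token was permitted to do and what the request touched, including on systems that have since been upgraded.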
National Vulnerability Database: https://nvd.nist.gov/vuln/detail/CVE-2024-41827
Feedly: https://feedly.com/cve/CVE-2024-41827?utm_campaign=cve_intelligence_card