Found 5 bookmarks
Newest
Rapid7 flames JetBrains over vulnerability disclosure
Rapid7 flames JetBrains over vulnerability disclosure
Security shop Rapid7 is criticizing JetBrains for flouting its policy against silent patching regarding fixes for two fresh vulnerabilities in the TeamCity CI/CD server. Rapid7 says it reported the two TeamCity vulnerabilities in mid-February, claiming JetBrains soon after suggested releasing patches for the flaws before publicly disclosing them. Such a move is typically seen as a no-no by the infosec community, which favors transparency, but there's apparently a time and a place for these things.
#theregister#EN#2024#Rapid7#flames#JetBrains
·theregister.com·
Rapid7 flames JetBrains over vulnerability disclosure
CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)
CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)
In February 2024, Rapid7’s vulnerability research team identified two new vulnerabilities affecting JetBrains TeamCity CI/CD server: CVE-2024-27198 is an authentication bypass vulnerability in the web component of TeamCity that arises from an alternative path issue (CWE-288) and has a CVSS base score of 9.8 (Critical). CVE-2024-27199 is an authentication bypass vulnerability in the web component of TeamCity that arises from a path traversal issue (CWE-22) and has a CVSS base score of 7.3 (High).
#rapid7#EN#2024#research#JetBrains#TeamCity#CVE-2024-27198#CVE-2024-27199
·rapid7.com·
CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)