Analytics Story: JetBrains TeamCity Vulnerabilities
Description
This story provides a high-level overview of JetBrains TeamCity vulnerabilities and how to detect and respond to them using Splunk.
Why it matters
JetBrains TeamCity is a continuous integration and deployment server that allows developers to automate the process of building, testing, and deploying code. It is a popular tool used by many organizations to streamline their development and deployment processes. However, like any software, JetBrains TeamCity is not immune to vulnerabilities.
Detections
Data Sources
| Name | Platform | Sourcetype | Source |
|---|---|---|---|
| Suricata | N/A | suricata |
suricata |
References
- https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/
- https://blog.jetbrains.com/teamcity/2024/03/teamcity-2023-11-4-is-out/
- https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/
Source: GitHub | Version: 1