CVE-2024-41827: Expired Tokens Still Active in JetBrains TeamCity, Urgent Update Required

by do son · July 24, 2024

JetBrains TeamCity, a widely used continuous integration and continuous delivery (CI/CD) platform, has been found to contain a high-severity security vulnerability (CVE-2024-41827). This flaw allows deleted or expired access tokens to continue functioning, potentially granting attackers extended and unauthorized access to critical development environments.

The vulnerability arises due to a flaw in TeamCity’s token management system. Even after an access token is deleted or expired, it can remain active, enabling attackers to maintain access to sensitive projects, source code, build configurations, and connected version control systems. This not only compromises the confidentiality of intellectual property but also opens the door to tampering with build processes and injecting malicious code.

This vulnerability poses a significant threat to the software supply chain. If an attacker successfully exploits the flaw, they could potentially introduce malicious code into software builds, which could then be distributed to unsuspecting users. The consequences could be devastating, ranging from data breaches to service disruptions.

JetBrains has addressed the CVE-2024-41827 vulnerability in version 2024.07 of TeamCity. It is crucial for all organizations using TeamCity to update their systems immediately to mitigate the risk of exploitation. Additionally, organizations should:

Revoke and reissue all existing access tokens: This step ensures that any potentially compromised tokens are rendered inactive.
Review access logs: Look for any suspicious activity, such as unauthorized access attempts or modifications to build configurations.
Implement additional security measures: Consider using multi-factor authentication (MFA) for TeamCity users and implementing robust security policies for access token management.