Analytics Story: JetBrains TeamCity Vulnerabilities

Description

This story provides a high-level overview of JetBrains TeamCity vulnerabilities and how to detect and respond to them using Splunk.

Why it matters

JetBrains TeamCity is a continuous integration and deployment server that allows developers to automate the process of building, testing, and deploying code. It is a popular tool used by many organizations to streamline their development and deployment processes. However, like any software, JetBrains TeamCity is not immune to vulnerabilities.

Detections

Name ▲▼ Technique ▲▼ Type ▲▼
JetBrains TeamCity Authentication Bypass CVE-2024-27198 Exploit Public-Facing Application TTP
JetBrains TeamCity Authentication Bypass Suricata CVE-2024-27198 Exploit Public-Facing Application TTP
JetBrains TeamCity Limited Auth Bypass Suricata CVE-2024-27199 Exploit Public-Facing Application TTP
JetBrains TeamCity RCE Attempt Exploit Public-Facing Application TTP

Data Sources

Name ▲▼ Platform ▲▼ Sourcetype ▲▼ Source ▲▼
Suricata N/A suricata suricata

References


Source: GitHub | Version: 1