{"id":1184399,"date":"2024-03-08T05:41:26","date_gmt":"2024-03-08T07:41:26","guid":{"rendered":"https:\/\/teknomers.com\/fr\/cisa-met-en-garde-contre-une-vulnerabilite-jetbrains-teamcity-activement-exploitee\/"},"modified":"2024-03-08T05:41:30","modified_gmt":"2024-03-08T07:41:30","slug":"cisa-met-en-garde-contre-une-vulnerabilite-jetbrains-teamcity-activement-exploitee","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/cisa-met-en-garde-contre-une-vulnerabilite-jetbrains-teamcity-activement-exploitee\/","title":{"rendered":"CISA met en garde contre une vuln\u00e9rabilit\u00e9 JetBrains TeamCity activement exploit\u00e9e"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">08 mars 2024<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">R\u00e9daction<\/span><\/span><span class=\"p-tags\">Vuln\u00e9rabilit\u00e9\/intelligence des menaces<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/03\/CISA-met-en-garde-contre-une-vulnerabilite-JetBrains-TeamCity-activement.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><\/a><\/div>\n<p>L&#8217;Agence am\u00e9ricaine de cybers\u00e9curit\u00e9 et de s\u00e9curit\u00e9 des infrastructures (CISA) a annonc\u00e9 jeudi <a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2024\/03\/07\/cisa-adds-one-known-exploited-jetbrains-vulnerability-cve-2024-27198-catalog\" target=\"_blank\">ajout\u00e9e<\/a> une faille de s\u00e9curit\u00e9 critique affectant le logiciel JetBrains TeamCity On-Premises et ses vuln\u00e9rabilit\u00e9s exploit\u00e9es connues (<a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\" target=\"_blank\">KEV<\/a>), fond\u00e9 sur des preuves d&#8217;exploitation active.<\/p>\n<p>La vuln\u00e9rabilit\u00e9, identifi\u00e9e comme CVE-2024-27198 (score CVSS : 9,8), fait r\u00e9f\u00e9rence \u00e0 un bug de contournement d&#8217;authentification qui permet <a rel=\"nofollow noopener\" href=\"https:\/\/www.rapid7.com\/blog\/post\/2024\/03\/04\/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed\/\" target=\"_blank\">compromis complet<\/a> d&#8217;un serveur sensible par un attaquant distant non authentifi\u00e9.<\/p>\n<p>Il a \u00e9t\u00e9 corrig\u00e9 par JetBrains plus t\u00f4t cette semaine aux c\u00f4t\u00e9s de CVE-2024-27199 (score CVSS : 7,3), une autre faille de contournement d&#8217;authentification de gravit\u00e9 mod\u00e9r\u00e9e qui permet une \u00ab quantit\u00e9 limit\u00e9e \u00bb de divulgation d&#8217;informations et de modification du syst\u00e8me.<\/p>\n<div class=\"check_two clear bobbob\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thehackernews.uk\/boundaries728\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/02\/1708021586_957_Ivanti-Pulse-Secure-detecte-a-laide-dune-version-Linux-vieille.jpg\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>&#8220;Ces vuln\u00e9rabilit\u00e9s peuvent permettre \u00e0 un attaquant non authentifi\u00e9 disposant d&#8217;un acc\u00e8s HTTP(S) \u00e0 un serveur TeamCity de contourner les contr\u00f4les d&#8217;authentification et d&#8217;obtenir le contr\u00f4le administratif de ce serveur TeamCity&#8221;, avait alors not\u00e9 la soci\u00e9t\u00e9.<\/p>\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/03\/1709883686_744_CISA-met-en-garde-contre-une-vulnerabilite-JetBrains-TeamCity-activement.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><img decoding=\"async\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/03\/1709883686_744_CISA-met-en-garde-contre-une-vulnerabilite-JetBrains-TeamCity-activement.jpg\" alt=\"Vuln\u00e9rabilit\u00e9 JetBrains TeamCity\" border=\"0\" data-original-height=\"349\" data-original-width=\"728\" title=\"Vuln\u00e9rabilit\u00e9 JetBrains TeamCity\"\/><\/a><\/div>\n<p>Des acteurs mena\u00e7ants ont \u00e9t\u00e9 observ\u00e9s utilisant ces deux failles comme une arme pour <a rel=\"nofollow noopener\" href=\"https:\/\/github.com\/codesiddhant\/Jasmin-Ransomware\" target=\"_blank\">Ran\u00e7ongiciel Jasmin<\/a> ainsi que cr\u00e9er <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/leak_ix\/status\/1765460190621581347\" target=\"_blank\">des centaines de comptes d&#8217;utilisateurs malveillants<\/a>selon <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/brody_n77\/status\/1765145148227555826\" target=\"_blank\">Gr\u00e8ve de foule<\/a> et <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/leak_ix\/status\/1765497407045853255\" target=\"_blank\">FuiteIX<\/a>.  La Fondation Shadowserver <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/Shadowserver\/status\/1764960110659478012\" target=\"_blank\">dit<\/a> il a d\u00e9tect\u00e9 des tentatives d&#8217;exploitation \u00e0 partir du 4 mars 2024.<\/p>\n<p>Les statistiques partag\u00e9es par GreyNoise montrent que CVE-2024-27198 est tomb\u00e9 sous le coup <a rel=\"nofollow noopener\" href=\"https:\/\/viz.greynoise.io\/tags\/teamcity-jetbrain-cve-2024-27198-auth-bypass-attempt\" target=\"_blank\">exploitation \u00e0 grande \u00e9chelle<\/a> \u00e0 partir de plus d&#8217;une douzaine d&#8217;adresses IP uniques peu de temps apr\u00e8s la divulgation publique de la faille.<\/p>\n<p>Compte tenu de l&#8217;exploitation active, il est conseill\u00e9 aux utilisateurs ex\u00e9cutant des versions sur site du logiciel d&#8217;appliquer les mises \u00e0 jour d\u00e8s que possible afin d&#8217;att\u00e9nuer les menaces potentielles.  Les agences f\u00e9d\u00e9rales sont tenues de mettre \u00e0 jour leurs instances d&#8217;ici le 28 mars 2024.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2024\/03\/cisa-warns-of-actively-exploited.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80208 mars 2024\ue804R\u00e9dactionVuln\u00e9rabilit\u00e9\/intelligence des menaces L&#8217;Agence am\u00e9ricaine de cybers\u00e9curit\u00e9 et de s\u00e9curit\u00e9 des infrastructures (CISA) a annonc\u00e9 jeudi ajout\u00e9e une faille de s\u00e9curit\u00e9 critique affectant le logiciel JetBrains TeamCity On-Premises et ses vuln\u00e9rabilit\u00e9s exploit\u00e9es connues (KEV), fond\u00e9 sur des preuves d&#8217;exploitation active. La vuln\u00e9rabilit\u00e9, identifi\u00e9e comme CVE-2024-27198 (score CVSS : 9,8), fait r\u00e9f\u00e9rence \u00e0 un [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1184400,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[4807,200292,4805,4168,841,4165,4161,200267,36372,525,206312,4159,4171,200271,4955,200268,200269,200270,128318,4172,4169,206313,196,4166,3667,4164],"class_list":["post-1184399","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-activement","tag-actualites-sur-la-cybersecurite","tag-cisa","tag-comment-pirater","tag-contre","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-cyberactualites","tag-exploitee","tag-garde","tag-jetbrains","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-logiciel-malveillant-rancongiciel","tag-met","tag-mises-a-jour-sur-la-cybersecurite","tag-nouvelles-des-pirates","tag-nouvelles-sur-le-piratage","tag-securite-des-informations","tag-securite-informatique","tag-securite-internet","tag-teamcity","tag-une","tag-violation-de-donnees","tag-vulnerabilite","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1184399","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1184399"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1184399\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1184400"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1184399"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1184399"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1184399"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}