JetBrains refuses to reveal details of patched security issues

JetBrains, the company behind the TeamCity CI/CD web application, recently released a patch for the product, addressing no fewer than 26 vulnerabilities.

However, the company was apparently reluctant to reveal any specific details about the JetBrains flaws, raising eyebrows among the cybersecurity community.

In the release notes, published on March 27, the only thing the team said was “26 security problems have been fixed.”

Disclosure drama

Usually, when a company addresses security issues, it shares CVE tracking numbers for the vulnerabilities. A CVE entry describes the problem in a few short sentences and tells IT teams how severe the issue is. That helps them decide whether they should rush to apply the patch and whether their systems are at immediate risk.

This time around, not even CVEs were listed, which surprised the wider cybersecurity community. In its writeup, The Register speculates that this was JetBrains’ response to the recent “disclosure drama involving Rapid7”.

For those unfamiliar with the “disclosure drama”, JetBrains recently patched a pair of flaws in complete silence, later saying that it was giving admins a head start against hackers looking to exploit the vulnerabilities. Rapid7, on the other hand, didn’t believe the company, and published a how-to guide on exploiting the flaws, mere hours after the patch was pushed. Consequently, some systems were breached.

Other researchers believe this could have something to do with the recent security incidents at TeamCity. In early March 2024, the company released a patch for two high-severity flaws plaguing its product. Soon after, CISA added it to its KEV list, signaling in-the-wild abuse. There is a slight chance that this patch, at least partially, addresses the aftermath of the two high-severity vulnerabilities, forcing the team to remain tight-lipped until the majority of customers patched up.

Posting a thread on Infosec Exchange, a user named “Not Simon” found that the JetBrains Security Bulletin only lists 7 of the 26 vulnerabilities. The list can be found here.

Sead Fadilpašić