JetBrains warns of new TeamCity auth bypass vulnerability



JetBrains urged customers to patch their TeamCity On-Premises servers against a critical authentication bypass vulnerability that can let attackers take over vulnerable instances with admin privileges.

Tracked as CVE-2024-23917, this critical severity flaw impacts all versions of TeamCity On-Premises from 2017.1 through 2023.11.2 and can be exploited in remote code execution (RCE) attacks that don't require user interaction.

"We strongly advise all TeamCity On-Premises users to update their servers to 2023.11.3 to eliminate the vulnerability," JetBrains said.

"If your server is publicly accessible over the internet and you are unable to take one of the above mitigation steps immediately, we recommend temporarily making it inaccessible until mitigation actions have been completed."

Customers who cannot immediately upgrade can also use a security patch plugin to secure servers running TeamCity 2018.2+ and TeamCity 2017.1, 2017.2, and 2018.1.
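The version bounds and mitigation options above can be turned into a quick inventory triage. The following is an added example, not JetBrains code; the hostnames, exposure flags and the "(build ...)" suffix on version strings are constructed assumptions.

```python
import re

# Version bounds as stated in the article for CVE-2024-23917.
FIRST_AFFECTED = (2017, 1, 0)
LAST_AFFECTED = (2023, 11, 2)
FIXED = (2023, 11, 3)
_VERSION = re.compile(r"\s*(\d+)\.(\d+)(?:\.(\d+))?")

def parse_version(text):
    """Return (major, minor, patch) from strings like '2023.11.2 (build 1)', else None."""
    m = _VERSION.match(text or "")
    return (int(m[1]), int(m[2]), int(m[3] or 0)) if m else None

def classify(version_text):
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    if v >= FIXED:
        return "fixed"
    if FIRST_AFFECTED <= v <= LAST_AFFECTED:
        # The article lists plugin coverage as "2018.2+" and "2017.1, 2017.2, 2018.1".
        return "affected-2018.2+" if v[:2] >= (2018, 2) else "affected-2017.1-2018.1"
    return "not-listed"  # older than 2017.1: the article makes no statement

def triage(inventory):
    """Order hosts so affected servers come first, internet-exposed ones at the top."""
    rows = []
    for host, version, exposed in inventory:
        status = classify(version)
        if status.startswith("affected"):
            action = "upgrade to 2023.11.3 or install the security patch plugin"
            if exposed:
                action += "; if that cannot be done immediately, make it inaccessible"
        elif status == "fixed":
            action = "none"
        else:
            action = "verify version manually"
        rank = (not status.startswith("affected"), not exposed)
        rows.append((rank, host, status, action))
    return [(h, s, a) for _, h, s, a in sorted(rows)]

# Constructed inventory: hostnames, versions and exposure flags are made up.
SAMPLE = [
    ("ci-legacy.example.internal", "2018.1.5", False),
    ("ci-build.example.internal", "2023.11.3 (build 0000)", False),
    ("ci-public.example.com", "2023.05.4", True),
    ("ci-mystery.example.internal", "n/a", False),
]

if __name__ == "__main__":
    for host, status, action in triage(SAMPLE):
        print(f"{host:30} {status:24} {action}")
```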

While the company says that all TeamCity Cloud servers have been patched and there is no evidence they've been attacked, it has yet to reveal if CVE-2024-23917 has been targeted in the wild to hijack Internet-exposed TeamCity On-Premises servers.

Shadowserver is tracking more than 2,000 TeamCity servers exposed online, though there is no way to know how many have already been patched.

A similar authentication bypass flaw tracked as CVE-2023-42793 was exploited by the APT29 hacking group linked to Russia's Foreign Intelligence Service (SVR) in widespread RCE attacks since September 2023.

"By choosing to exploit CVE-2023-42793, a software development program, the authoring agencies assess the SVR could benefit from access to victims, particularly by allowing the threat actors to compromise the networks of dozens of software developers," CISA warned.

Several ransomware gangs have exploited the same vulnerability since early October to breach corporate networks.

According to Microsoft, the North Korean Lazarus and Andariel hacking groups also used CVE-2023-42793 exploits to backdoor victims' networks, likely in preparation for software supply chain attacks.

JetBrains says that more than 30,000 organizations worldwide use the TeamCity software building and testing platform, including high-profile companies like Citibank, Ubisoft, HP, Nike, and Ferrari.