JetBrains [1] [2] [3] [4] [5] [6] [7], the company behind TeamCity On-Premises software, has released an urgent patch to address a critical vulnerability that affects all versions of the software from 2017.1 through 2023.11.2. This vulnerability allows remote attackers to bypass authentication checks and gain administrative control over the server [5] [7].
Description
JetBrains has discovered and reported a critical vulnerability (CVE-2024-23917) in their TeamCity On-Premises software. This flaw has a severity rating of 9.8 out of 10 and can be exploited by unauthenticated attackers with HTTP(S) access. It is important to note that a similar flaw in the same product was actively exploited by threat actors last year (CVE-2023-42793).
To address this issue, JetBrains recommends immediate patching or upgrading to version 2023.11.3. Users who cannot update to the latest version can apply a security patch plugin [4]. It is also advised to maintain an accurate IT asset inventory as part of a longer-term vulnerability management approach. If the affected server is publicly accessible over the internet and immediate mitigation steps cannot be taken [4], JetBrains suggests temporarily making it inaccessible.
Conclusion
Promptly addressing this vulnerability is crucial, as historical parallels indicate the severity of such flaws. The APT29 hacking group and ransomware groups have previously exploited similar vulnerabilities for unauthorized access [6]. Upgrading to the latest version [4] [6], promptly addressing vulnerabilities [6], and following cybersecurity best practices are key to safeguarding against potential cyberattacks. It is important to note that TeamCity Cloud servers have already been patched and were not targeted in any attacks.
References
[1] https://www.helpnetsecurity.com/2024/02/07/cve-2024-23917/
[2] https://digital.nhs.uk/cyber-alerts/2024/cc-4451
[3] https://www.infosecurity-magazine.com/news/flaw-exposed-jetbrains-teamcity/
[4] https://thehackernews.com/2024/02/critical-jetbrains-teamcity-on-premises.html
[5] https://www.cybersecuritydive.com/news/jetbrains-critical-vulnerability-teamcity/706834/
[6] https://www.rivitmedia.com/cyberthreats/malware/cve-2024-23917-teamcity-on-premises/
[7] https://www.bankinfosecurity.com/jetbrains-servers-patched-for-critical-rce-flaw-a-24299