Critical Vulnerability in TeamCity Allows for Server Takeovers

JetBrains has recently addressed a critical security vulnerability in its TeamCity On-Premises server that could allow unauthenticated remote attackers to gain control over an affected server and conduct further malicious activities within an organization’s environment. TeamCity is a software development lifecycle (SDLC) management platform used by over 30,000 organizations, including reputable brands such as Citibank, Nike, and Ferrari, to automate software development processes such as building, testing, and deploying software.

The vulnerability, identified as CVE-2024-23917, presents an authentication bypass weakness, allowing unauthenticated attackers with HTTP(S) access to the TeamCity server to bypass authentication checks and gain administrative control. The flaw affects all versions between 2017.1 and 2023.11.2 of the TeamCity On-Premises server.

In response, JetBrains has released an update, TeamCity On-Premises version 2023.11.3, to address the vulnerability. The company has also patched its TeamCity Cloud servers and confirmed that its own servers were not compromised.

This isn’t the first time that TeamCity has been targeted by attackers. Last year, a critical remote code execution flaw, CVE-2023-42793, was exploited by multiple state-sponsored threat groups, including North Korean and Russian actors, for malicious activity such as cyber espionage, data theft, and financially motivated attacks.

Given this history of exploitation, JetBrains is urging organizations with affected products to update to the patched version immediately. For those unable to perform the update, a security patch plugin is available for download and can be installed on affected versions. However, JetBrains emphasizes that this patch plugin only addresses the vulnerability and recommends installing the latest version of TeamCity On-Premises for full security updates.

For servers that are publicly accessible over the Internet and cannot be immediately patched or mitigated, JetBrains advises making the server inaccessible until the flaw can be addressed.
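As an added example (not from JetBrains or the original article), the affected version range and the fallback guidance above can be turned into a triage pass over an asset inventory. The record fields `host`, `version`, `patch_plugin` and `internet_facing`, and the sample hosts, are constructed assumptions.

```python
import re

# Bounds from the article: affected 2017.1 through 2023.11.2, fixed in 2023.11.3.
AFFECTED_MIN = (2017, 1)
AFFECTED_MAX = (2023, 11, 2)

def parse_version(text):
    """Return a tuple of ints from strings like '2023.11.2 (build N)', or None."""
    m = re.match(r"\s*(\d{4}(?:\.\d+)+)", text or "")
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) > 2 and parts[-1] == 0:  # treat 2023.11.0 as 2023.11
        parts.pop()
    return tuple(parts)

def triage(server):
    """Classify one inventory record (a dict; field names are assumptions)."""
    v = parse_version(server.get("version"))
    if v is None:
        return "unknown-version: verify manually"
    if v > AFFECTED_MAX:
        return "fixed-release"
    if v < AFFECTED_MIN:
        return "outside-stated-range: check vendor advisory"
    if server.get("patch_plugin"):
        # The plugin only addresses this flaw; a full upgrade is still advised.
        return "plugin-mitigated: schedule upgrade"
    if server.get("internet_facing"):
        return "affected: make inaccessible until patched"
    return "affected: upgrade or install patch plugin"

def report(inventory):
    """Map each host to its triage result."""
    return {s["host"]: triage(s) for s in inventory}

# Constructed sample inventory; hosts and build numbers are placeholders.
SAMPLE_INVENTORY = [
    {"host": "tc-01.example.internal", "version": "2023.11.3 (build 0)"},
    {"host": "tc-02.example.internal", "version": "2023.11.2", "internet_facing": True},
    {"host": "tc-03.example.internal", "version": "2022.10.1", "patch_plugin": True},
    {"host": "tc-04.example.internal", "version": "2017.1"},
    {"host": "tc-05.example.internal", "version": "2016.2.4"},
    {"host": "tc-06.example.internal", "version": None},
]

if __name__ == "__main__":
    for host, status in report(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Records with an unparseable or missing version are flagged for manual verification rather than assumed safe, which matters for servers that were never properly inventoried.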

Brian Contos, Chief Security Officer at Sevco Security, stresses the importance of organizations taking immediate action to handle the issue. While patching is a crucial step, he suggests that organizations should also work towards a sustainable approach to vulnerability management, especially in identifying and securing potentially vulnerable servers that may not appear on their IT asset inventory.

In conclusion, JetBrains’ swift response in releasing patches and security updates reflects the severity of the situation and the necessity for organizations to prioritize the mitigation of the TeamCity vulnerability. As cyber threats continue to evolve, organizations are urged to remain vigilant and take proactive measures to safeguard their systems and data.
