JetBrains has recently addressed a critical security vulnerability in its TeamCity On-Premises server that could allow unauthenticated remote attackers to gain control over an affected server and conduct further malicious activities within an organization’s environment. TeamCity is a software development lifecycle (SDLC) management platform used by over 30,000 organizations, including reputable brands such as Citibank, Nike, and Ferrari, to automate software development processes such as building, testing, and deploying software.
The vulnerability, identified as CVE-2024-23917, is an authentication bypass weakness that allows unauthenticated attackers with HTTP(S) access to the TeamCity server to bypass authentication checks and gain administrative control. The flaw affects all versions between 2017.1 and 2023.11.2 of the TeamCity On-Premises server.
In response, JetBrains has released an update, TeamCity On-Premises version 2023.11.3, to address the vulnerability. The company has also patched its TeamCity Cloud servers and confirmed that its own servers were not compromised.
This isn’t the first time that TeamCity has been targeted by attackers. Last year, a critical remote code execution flaw, CVE-2023-42793, was exploited by multiple state-sponsored threat groups, including North Korean and Russian actors, for malicious activity such as cyber espionage, data theft, and financially motivated attacks.
Given this history of exploitation, JetBrains is urging organizations with affected products to update to the patched version immediately. For those unable to perform the update, a security patch plugin is available for download and can be installed on affected versions. However, JetBrains emphasizes that this patch plugin only addresses the vulnerability and recommends installing the latest version of TeamCity On-Premises for full security updates.
For servers that are publicly accessible over the Internet and cannot be immediately patched or mitigated, JetBrains advises making the server inaccessible until the flaw can be addressed.
Brian Contos, Chief Security Officer at Sevco Security, stresses the importance of organizations taking immediate action to handle the issue. While patching is a crucial step, he suggests that organizations should also work towards a sustainable approach to vulnerability management, especially in identifying and securing potentially vulnerable servers that may not appear on their IT asset inventory.
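As an added example (not from JetBrains or the original article), the sketch below triages a TeamCity server inventory against the affected version range and the remediation guidance described above. The inventory records, host names, field names and action labels are hypothetical; the version bounds are the ones stated in the article.

```python
import re

# Bounds as stated in the article: 2017.1 through 2023.11.2 affected, 2023.11.3 fixed.
FIRST_AFFECTED = (2017, 1, 0)
FIXED = (2023, 11, 3)

# Hypothetical action labels, most urgent first.
PRIORITY = ["isolate-now", "patch-now", "plugin-only", "review", "ok"]


def parse_version(text):
    """Parse 'YYYY.R[.P]', ignoring trailing build text; return a tuple or None."""
    m = re.match(r"\s*(\d{4})\.(\d{1,2})(?:\.(\d+))?", text or "")
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def triage(server):
    """Map one inventory record to the action the guidance above implies."""
    version = parse_version(server.get("version"))
    if version is None or version < FIRST_AFFECTED:
        return "review"          # unknown or outside the stated range: confirm by hand
    if version >= FIXED:
        return "ok"
    if server.get("patch_plugin"):
        return "plugin-only"     # plugin covers only this flaw; full upgrade still due
    if server.get("internet_facing"):
        return "isolate-now"     # unpatched and reachable from the Internet
    return "patch-now"


def worklist(inventory):
    """Return (action, host) pairs, most urgent first."""
    rows = [(triage(s), s["host"]) for s in inventory]
    return sorted(rows, key=lambda r: (PRIORITY.index(r[0]), r[1]))


# Constructed inventory; hosts and field names are hypothetical.
INVENTORY = [
    {"host": "ci-01", "version": "2023.11.3", "internet_facing": True},
    {"host": "ci-02", "version": "2023.11.2 (build 000000)", "internet_facing": True},
    {"host": "ci-03", "version": "2023.05.4", "internet_facing": False},
    {"host": "ci-04", "version": "2017.1", "patch_plugin": True},
    {"host": "ci-05", "version": "", "internet_facing": True},
    {"host": "ci-06", "version": "2024.03", "internet_facing": False},
]

if __name__ == "__main__":
    for action, host in worklist(INVENTORY):
        print(f"{action:12} {host}")
```

Records with a missing or unparseable version land in `review` rather than `ok`, so a server whose version the inventory never captured is not silently treated as patched.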
In conclusion, JetBrains’ swift response in releasing patches and security updates reflects the severity of the situation and the necessity for organizations to prioritize the mitigation of the TeamCity vulnerability. As cyber threats continue to evolve, organizations are urged to remain vigilant and take proactive measures to safeguard their systems and data.