JetBrains urged customers to immediately patch their TeamCity On-Premises servers against a critical authentication bypass vulnerability that can let attackers take over vulnerable instances with admin privileges.
Tracked as CVE-2024-23917, this critical-severity flaw impacts all versions of TeamCity On-Premises from 2017.1 through 2023.11.2 and can be exploited in remote code execution (RCE) attacks that do not require user interaction.
“We strongly advise all TeamCity On-Premises customers to update their servers to 2023.11.3 to remove the vulnerability,” JetBrains said.
“In case your server is publicly accessible over the web and you’re unable to take one of the above mitigation steps instantly, we suggest quickly making it inaccessible till mitigation actions have been accomplished.”
Customers who can’t immediately upgrade can use a security patch plugin to secure servers running TeamCity 2018.2+ and TeamCity 2017.1, 2017.2, and 2018.1.
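The version guidance above can be turned into an inventory check. The following is an added example, not JetBrains code: the host names, build numbers and exposure flags are constructed, and the version-string layout it parses is an assumption.

```python
import re

# Version boundaries are the ones stated in the article.
FIRST_AFFECTED = (2017, 1, 0)   # 2017.1
FIXED = (2023, 11, 3)           # 2023.11.3
PLUGIN_SPLIT = (2018, 2, 0)     # plugin is listed for "2018.2+" and for older releases

VERSION_RE = re.compile(r"(?<![\d.])(\d{4})\.(\d{1,2})(?:\.(\d+))?(?![\d.])")

def parse_version(text):
    """Extract (year, release, patch) from a version string; None if absent."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def triage(version_text, internet_facing=False):
    """Return (status, action) for one server."""
    v = parse_version(version_text)
    if v is None:
        return "unknown", "version not recognised; inspect the server manually"
    if v >= FIXED:
        return "fixed", "none"
    if v < FIRST_AFFECTED:
        return "out-of-range", "older than the stated range; inspect manually"
    plugin = "2018.2+" if v >= PLUGIN_SPLIT else "2017.1, 2017.2, 2018.1"
    action = f"upgrade to 2023.11.3 or apply the patch plugin for {plugin}"
    if internet_facing:
        action = "if mitigation cannot be applied now, make it inaccessible; " + action
    return "affected", action

# Constructed inventory: host names, build numbers and exposure flags are made up.
INVENTORY = [
    ("ci-edge.example.internal", "TeamCity Professional 2023.11.2 (build 100001)", True),
    ("ci-legacy.example.internal", "2018.1.5", False),
    ("ci-new.example.internal", "TeamCity Enterprise 2023.11.3 (build 100002)", False),
    ("ci-old.example.internal", "10.0.5", False),
    ("ci-mid.example.internal", "2023.05.4", True),
]

def affected_hosts(inventory):
    """Hosts that are not confirmed fixed, internet-facing ones first."""
    rows = [(host, facing, *triage(ver, facing)) for host, ver, facing in inventory]
    hits = [r for r in rows if r[2] != "fixed"]
    return sorted(hits, key=lambda r: (not r[1], r[0]))

if __name__ == "__main__":
    for host, facing, status, action in affected_hosts(INVENTORY):
        print(f"{host:28} {status:13} {action}")
```

Version strings the parser cannot read are reported as "unknown" rather than treated as safe, so they stay on the list for manual review.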
While the company says that all TeamCity Cloud servers have been patched and there is no evidence they were attacked, it has yet to disclose whether CVE-2024-23917 has been targeted in the wild to hijack Internet-exposed TeamCity On-Premises servers.
Shadowserver is tracking more than 2,000 TeamCity servers exposed online, although there is no way to know how many have already been patched.
A similar authentication bypass flaw tracked as CVE-2023-42793 was exploited by the APT29 hacking group linked to Russia’s Foreign Intelligence Service (SVR) in widespread RCE attacks since September 2023.
“By choosing to exploit CVE-2023-42793, a software development program, the authoring agencies assess the SVR could benefit from access to victims, particularly by allowing the threat actors to compromise the networks of dozens of software developers,” CISA warned.
Several ransomware gangs have exploited the same vulnerability since early October to breach corporate networks.
According to Microsoft, the North Korean Lazarus and Andariel hacking groups also used CVE-2023-42793 exploits to backdoor victims’ networks, likely in preparation for software supply chain attacks.
JetBrains says that more than 30,000 organizations worldwide use the TeamCity software building and testing platform, including high-profile companies like Citibank, Ubisoft, HP, Nike, and Ferrari.