JetBrains, the renowned developer of integrated development environments, has issued a critical alert urging all customers to update their TeamCity On-Premises servers.
CVE-2024-23917 Should Be Patched Urgently
The urgency stems from a severe authentication bypass vulnerability, tracked as CVE-2024-23917, discovered in all versions of TeamCity On-Premises spanning from 2017.1 through 2023.11.2. This vulnerability poses an imminent threat, allowing attackers to seize control of vulnerable instances with administrative privileges without requiring user interaction.
In a recent statement, JetBrains emphasized the gravity of the situation, urging all TeamCity On-Premises users to immediately upgrade to version 2023.11.3 to eradicate the vulnerability. For those unable to execute the update promptly, JetBrains recommends temporarily restricting access to servers accessible via the internet until mitigation measures are implemented.
Customers who cannot upgrade immediately can instead deploy a security patch plugin, which is available for TeamCity 2018.2+ and for the earlier versions TeamCity 2017.1, 2017.2, and 2018.1.
While JetBrains has assured customers that all TeamCity Cloud servers have been patched and that it has not detected any attacks exploiting CVE-2024-23917, the company has not disclosed whether malicious actors have targeted internet-exposed TeamCity On-Premises servers.
The gravity of this vulnerability is compounded by historical precedent and by the number of exposed systems: Shadowserver monitors over 2,000 TeamCity servers exposed online. However, the exact number of servers yet to be patched remains unknown.
A Connection to CVE-2023-42793
This critical vulnerability in TeamCity On-Premises servers evokes memories of a similar authentication bypass flaw, CVE-2023-42793, exploited by the notorious APT29 hacking group, linked to Russia’s Foreign Intelligence Service (SVR), in widespread remote code execution (RCE) attacks since September 2023.
The severity of the situation prompted the Cybersecurity and Infrastructure Security Agency (CISA) to issue a warning, emphasizing the potential ramifications of such exploits, particularly in compromising the networks of numerous software developers.
The exploitation of CVE-2023-42793 has not been confined to state-sponsored actors alone; ransomware groups have leveraged the vulnerability to infiltrate corporate networks since early October. In addition, hacking groups such as North Korea’s Lazarus and Andariel have exploited the flaw to surreptitiously access victims’ networks, hinting at potential software supply chain attacks in the making.
JetBrains’ TeamCity software building and testing platform has a user base of over 30,000 organizations worldwide, including Citibank, Ubisoft, HP, Nike, and Ferrari. That widespread adoption underscores the urgency of patching the critical vulnerability to guard against potentially devastating cyberattacks.