Critical Authentication Bypass Vulnerability in TeamCity On-Premises Servers

February 6, 2024

JetBrains, the software development company, has issued an urgent call to customers to patch their TeamCity On-Premises servers due to a critical authentication bypass vulnerability. This severe flaw, designated as CVE-2024-23917, affects all versions of TeamCity On-Premises from 2017.1 to 2023.11.2 and can be exploited in remote code execution (RCE) attacks that do not require user interaction.

JetBrains strongly recommends that all users of TeamCity On-Premises upgrade their servers to 2023.11.3 to fix this vulnerability. For servers that are publicly accessible and cannot be upgraded immediately, the company suggests making them temporarily inaccessible until mitigation steps are completed. Those unable to upgrade immediately can use a security patch plugin to secure servers running specific versions of TeamCity.
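A triage sketch for the guidance above, added here as an example and not taken from JetBrains: it sorts an inventory of TeamCity servers by the affected range and fixed release stated in this article. The inventory layout, the status labels and the version-string format (`2023.11.2 (build N)`) are assumptions.

```python
import re

# Affected range and fixed release as stated in the article for CVE-2024-23917.
FIRST_AFFECTED = (2017, 1, 0)
LAST_AFFECTED = (2023, 11, 2)

# Constructed sample inventory: (host, reported version string, internet-exposed).
SAMPLE_INVENTORY = [
    ("ci-a.example.internal", "2023.11.2 (build 00000)", True),
    ("ci-b.example.internal", "2023.11.3", True),
    ("ci-c.example.internal", "2017.1", False),
    ("ci-d.example.internal", "10.0.5", False),
    ("ci-e.example.internal", "unknown", True),
]


def parse_version(text):
    """Return (major, minor, patch) from e.g. '2023.11.2 (build N)', or None."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\b", text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def triage(version_text, exposed):
    """Map one server to an action label (labels are this example's own)."""
    version = parse_version(version_text)
    if version is None:
        return "verify-version"            # cannot decide without a version
    if version < FIRST_AFFECTED:
        return "outside-stated-range"      # older than the range the article gives
    if version <= LAST_AFFECTED:
        # Exposed servers that are not yet mitigated should be made unreachable first.
        return "take-offline-until-mitigated" if exposed else "upgrade-or-patch-plugin"
    return "fixed"                         # 2023.11.3 or later


def triage_inventory(inventory):
    """Return {host: action} for every entry in the inventory."""
    return {host: triage(ver, exposed) for host, ver, exposed in inventory}


if __name__ == "__main__":
    for host, action in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {action}")
```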

The company has confirmed that all TeamCity Cloud servers have been patched and there is no evidence of them being attacked. However, it remains unclear whether CVE-2024-23917 has been exploited in the wild to compromise internet-exposed TeamCity On-Premises servers. Shadowserver is currently monitoring over 2,000 TeamCity servers exposed online, but it is uncertain how many have been patched.

A similar authentication bypass vulnerability, tracked as CVE-2023-42793, has been exploited by the APT29 hacking group, associated with Russia's Foreign Intelligence Service (SVR), in widespread RCE attacks since September 2023. The Cybersecurity and Infrastructure Security Agency (CISA) warned, 'By choosing to exploit CVE-2023-42793, a software development program, the authoring agencies assess the SVR could benefit from access to victims, particularly by allowing the threat actors to compromise the networks of dozens of software developers.'

Several ransomware gangs have also exploited CVE-2023-42793 since early October to infiltrate corporate networks. Microsoft reports that the North Korean hacking groups Lazarus and Andariel have likewise used CVE-2023-42793 exploits to infiltrate victims' networks, likely in preparation for software supply chain attacks.

Finally, JetBrains states that over 30,000 organizations globally use the TeamCity software building and testing platform, including prominent companies like Citibank, Ubisoft, HP, Nike, and Ferrari.
