JetBrains has released a patch to address a critical flaw tracked as CVE-2024-23917. The vulnerability in TeamCity On-Premises may allow an attacker to gain admin privileges on successful exploitation.
JetBrains TeamCity On-Premises is a continuous integration and deployment server. It can be installed on Windows, Linux, and macOS or run in Docker. The tool helps build, check, and run automated tests on the server before committing changes. It also helps in configuration as code and comprehensive VCS integration.
An attacker must have HTTP(S) access to a TeamCity server to exploit the vulnerability. An attacker may exploit the flaw, bypass authentication checks, and gain administrative control of that TeamCity server.
APT29, a hacking group linked to Russia’s Foreign Intelligence Service (SVR), had exploited a similar authentication bypass flaw, tracked as CVE-2023-42793, in widespread RCE attacks in September 2023.
As per Shodan, over 15,000 JetBrains TeamCity On-Premises interfaces are exposed to the internet.
Image Source: Shodan
Affected Versions
The vulnerability affects all TeamCity On-Premises versions from 2017.1 through 2023.11.2.
Mitigation
Customers are advised to upgrade to TeamCity On-Premises version 2023.11.3 or later to patch the vulnerability.
If users cannot upgrade to the latest version, they can use a patch plugin to mitigate the vulnerability. Users can download the patch plugin from TeamCity 2018.2+ and TeamCity 2017.1, 2017.2, and 2018.1.
Please refer to the JetBrains TeamCity Security Advisory for more information.
Qualys Detection
Qualys customers can scan their devices with QID 379353 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.