JetBrains warns of latest TeamCity auth bypass vulnerability


JetBrains urged customers today to patch their TeamCity On-Premises servers against a critical authentication bypass vulnerability that can let attackers take over vulnerable instances with admin privileges.

Tracked as CVE-2024-23917, this critical severity flaw impacts all versions of TeamCity On-Premises from 2017.1 through 2023.11.2 and can be exploited in remote code execution (RCE) attacks that don't require user interaction.

“We strongly advise all TeamCity On-Premises customers to replace their servers to 2023.11.3 to eradicate the vulnerability,” JetBrains stated.

“In case your server is publicly accessible over the web and you’re unable to take one of the above mitigation steps instantly, we advocate quickly making it inaccessible till mitigation actions have been accomplished.”

Customers who cannot immediately upgrade can also use a security patch plugin to secure servers running TeamCity 2018.2+ and TeamCity 2017.1, 2017.2, and 2018.1.

While the company says that all TeamCity Cloud servers have been patched and there is no evidence they were attacked, it has yet to reveal whether CVE-2024-23917 has been targeted in the wild to hijack Internet-exposed TeamCity On-Premises servers.

Shadowserver is tracking more than 2,000 TeamCity servers exposed online, although there is no way to know how many have already been patched.

A similar authentication bypass flaw tracked as CVE-2023-42793 was exploited by the APT29 hacking group linked to Russia’s Foreign Intelligence Service (SVR) in widespread RCE attacks since September 2023.

“By selecting to use CVE-2023-42793, a software program improvement program, the authoring businesses assess the SVR may benefit from entry to victims, significantly by permitting the risk actors to compromise the networks of dozens of software program builders,” CISA warned.

Several ransomware gangs have exploited the same vulnerability since early October to breach corporate networks.

According to Microsoft, the North Korean Lazarus and Andariel hacking groups also used CVE-2023-42793 exploits to backdoor victims’ networks, likely in preparation for software supply chain attacks.

JetBrains says that more than 30,000 organizations worldwide use the TeamCity software building and testing platform, including high-profile companies like Citibank, Ubisoft, HP, Nike, and Ferrari.
