Pierluigi Paganini February 07, 2024

A new vulnerability in JetBrains TeamCity On-Premises can be exploited by threat actors to take over vulnerable instances.

JetBrains addressed a critical security vulnerability, tracked as CVE-2024-23917 (CVSS score 9.8) in its TeamCity On-Premises continuous integration and continuous deployment (CI/CD) software.

An attacker can trigger the vulnerability to take over vulnerable installs.

“The vulnerability may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server.” reads the advisory. “The vulnerability affects all TeamCity On-Premises versions from 2017.1 through 2023.11.2.”

JetBrains has fixed the flaw with the release of version 2023.11.3.

Administrators who are not able to update their instances to version 2023.11.3 can download a security patch plugin to patch their environment. The security patch plugin can be installed on TeamCity versions 2017.1 through 2023.11.2. It will patch the vulnerability described above.

“The security patch plugin will only address the vulnerability described above. We always recommend upgrading your server to the latest version to benefit from many other security updates.” concludes the advisory. “If your server is publicly accessible over the internet and you are unable to take one of the above mitigation steps immediately, we recommend temporarily making it inaccessible until mitigation actions have been completed.”

The company is not aware of attacks in the wild exploiting this vulnerability.

In December, experts warn that the Russia-linked APT29 group has been observed targeting JetBrains TeamCity servers to gain initial access to the targets’ networks.

The attackers were observed exploiting an authentication bypass issue, tracked as CVE-2023-42793, affecting the on-premises version of TeamCity. An attacker can exploit the flaw to steal source code and stored service secrets and private keys of the target organization. By injecting malicious code, an attacker can also compromise the integrity of software releases and impact all downstream users.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, TeamCity)