TeamCity Authentication Bypass Flaw to Gain Admin Control


A critical security vulnerability was detected in TeamCity On-Premises, tagged as CVE-2024-23917, with a CVSS score of 9.8. An unauthenticated attacker with HTTP(S) access to a TeamCity server may bypass authentication procedures and take administrative control of that TeamCity server if the vulnerability is exploited.

TeamCity is a building management and continuous integration server developed by JetBrains that can be installed on-premises or used as a cloud service.

This particular attack, which is identified as an Authentication Bypass Using an Alternate Path or Channel vulnerability (CWE-288), carries a high risk of damage and exploitability. 

Remote code execution (RCE) attacks that do not require user input can exploit this vulnerability.

Document

Run Free ThreatScan on Your Mailbox

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .

Affected Versions

All TeamCity On-Premises versions from 2017.1 through 2023.11.2 are vulnerable.

TeamCity Cloud servers have already been patched and have been verified not to be compromised.

Fix Released

The issue has been patched in version 2023.11.3, and JetBrains has notified its customers.

“We strongly advise all TeamCity On-Premises users to update their servers to 2023.11.3 to eliminate the vulnerability,” JetBrains said.

If you are unable to update your server to version 2023.11.3, JetBrains has released a security patch plugin that allows you to continue patching your environment.

Security patch plugin: TeamCity 2018.2+ | TeamCity 2017.1, 2017.2, and 2018.1

“If your server is publicly accessible over the internet and you are unable to take one of the above mitigation steps immediately, we recommend temporarily making it inaccessible until mitigation actions have been completed,” the company said.

As per the findings of the Shadowserver report, more than 45,000 instances of Jenkins were found to be vulnerable to an arbitrary file read vulnerability.

This flaw could potentially allow unauthorized access to sensitive files and data, posing a significant security risk to the affected systems.

It is crucial for Jenkins users to take immediate action to address this vulnerability and implement necessary security measures to safeguard their systems against potential attacks.

A similar vulnerability in the TeamCity On-Premises tracked as CVE-2023-42793 with a CVSS score of 9.8 was identified the previous year. Several nation-state threat actors from North Korea aggressively took advantage of the vulnerability.

These nation-state threat actors have been seen breaking into compromised Windows-based TeamCity environments by using a variety of malware and tools to create backdoors.

Hence, to safeguard their systems against possible exploitation, users should update their servers to this most recent version.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.





Source link