On 5 February 2023, JetBrains published a blog post describing a critical vulnerability (CVE-2024-23917) affecting TeamCity On-Premises servers. An unauthenticated threat actor with HTTP(S) access to a TeamCity server can exploit this vulnerability to bypass authentication and gain administrative control of that server.
TeamCity is a continuous integration/continuous deployment (CI/CD) software platform for automating and managing software development. At this time, Arctic Wolf has not identified any active exploitation of this vulnerability or any Proof-of-Concept (PoC) exploits. Threat actors affiliated with the Russian Foreign Intelligence Service (SVR) previously exploited a critical vulnerability (CVE-2023-42793) to target TeamCity servers in late 2023. Given this recent targeting of TeamCity servers and the variety of malicious actions that can be carried out once the vulnerability is exploited, Arctic Wolf assesses that threat actors are likely to turn their attention to exploiting CVE-2024-23917 in the near term.
Recommendation for CVE-2024-23917
Upgrade JetBrains TeamCity On-Premises to 2023.11.3
Arctic Wolf strongly recommends upgrading TeamCity On-Premises to 2023.11.3.

| Product | Affected Version | Fixed Version |
| --- | --- | --- |
| TeamCity On-Premises | 2017.1 – 2023.11.2 | 2023.11.3 |

Note: JetBrains has stated that all TeamCity Cloud servers have been patched.
Please follow your organisation’s patching and testing guidelines to avoid operational impact.
Workaround (Optional)
For users who are unable to upgrade their server to version 2023.11.3, JetBrains has provided a security patch plugin that can be used to patch your environment. The patch plugins can be downloaded below for your respective version of TeamCity:

| Downloads |
| --- |
| TeamCity 2018.2+ |
| TeamCity 2017.1, 2017.2, and 2018.1 |
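
The following is an added example, not code from JetBrains or Arctic Wolf: a Python triage helper that classifies server version strings against the affected range in the table above and indicates which of the two listed patch plugins applies when an upgrade is not possible. The function names and the sample inventory (hostnames, versions, build number) are constructed; collecting the version strings is left to your own inventory tooling.

```python
import re

# Boundaries copied from the advisory's table and workaround section.
FIRST_AFFECTED = (2017, 1, 0)
FIXED = (2023, 11, 3)
NEWER_PLUGIN_FROM = (2018, 2, 0)  # plugin split: 2018.2+ vs 2017.1/2017.2/2018.1

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?")

def parse_version(text):
    """Return (major, minor, patch) from e.g. '2023.11.2', '2018.2', '2023.05.4 (build N)'."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised TeamCity version: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))

def assess(version_text):
    """Classify one On-Premises server version against the advisory."""
    v = parse_version(version_text)
    if v >= FIXED:
        return "fixed"
    if v < FIRST_AFFECTED:
        return "not listed in advisory"
    if v >= NEWER_PLUGIN_FROM:
        return "affected: upgrade, or apply plugin for 2018.2+"
    return "affected: upgrade, or apply plugin for 2017.1, 2017.2, and 2018.1"

def triage(inventory):
    """Map host -> verdict; unparseable versions are flagged rather than skipped."""
    results = {}
    for host, version in inventory:
        try:
            results[host] = assess(version)
        except ValueError:
            results[host] = "unknown: check manually"
    return results

# Constructed sample inventory: hostnames, versions and build number are made up.
SAMPLE = [
    ("tc-build-01", "2023.11.2"),
    ("tc-build-02", "2023.11.3"),
    ("tc-legacy", "2018.1.5"),
    ("tc-old", "2018.2"),
    ("tc-padded", "2023.05.4 (build 000000)"),
    ("tc-mystery", "EAP build"),
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{host:12} {verdict}")
```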