CVE-2024-23917: Critical Vulnerability Affecting On-Premises Servers of TeamCity

Share :

On February 5, 2023, JetBrains published a blog describing a critical vulnerability (CVE-2024-23917) affecting the On-Premises Servers of TeamCity. An unauthenticated threat actor with HTTP(S) access to a TeamCity Server can exploit this vulnerability to bypass authentication and gain administrative control of a TeamCity Server.  

TeamCity is a continuous integration/continuous deployment (CI/CD) software platform for automating and managing the development of software. At this time, Arctic Wolf has not identified any active exploitation of this vulnerability or Proof-of-Concept (PoC) exploits. Russian Foreign Intelligence Service (SVR) affiliated threat actors previously exploited a critical vulnerability (CVE-2023-42793) to target TeamCity servers in late 2023. Arctic Wolf assesses threat actors are likely to turn their attention to exploiting CVE-2024-23917 in the near term, based on the potential for a variety of malicious actions that can be carried out once the vulnerability is exploited, in addition to this recent targeting of TeamCity servers. 

Recommendation for CVE-2024-23917

Upgrade JetBrains TeamCity On-Premises to 2023.11.3

Arctic Wolf strongly recommends upgrading TeamCity On-Premises to 2023.11.3 

Product  Affected Version  Fixed Version 
TeamCity On-Premises  2017.1 – 2023.11.2  2023.11.3 

 

Note: JetBrains has stated that all TeamCity Cloud servers have been patched.  

Please follow your organization’s patching and testing guidelines to avoid operational impact. 

Workaround (Optional) 

For users who are unable to upgrade their server to version 2023.11.3, JetBrains has provided a security patch plugin that can be used to patch your environment. The patch plugins can be downloaded below for your respective version of TeamCity: 

Downloads 
TeamCity 2018.2+ 
TeamCity 2017.1, 2017.2, and 2018.1 

References 

  1. The TeamCity Blog
  2. CISA Advisory (CVE-2023-42793 Exploitation)

See other important security bulletins from Arctic Wolf.

Andres Ramos

Andres Ramos

Andres Ramos is a Threat Intelligence Researcher at Arctic Wolf with a strong background in tracking emerging threats and producing actionable intelligence for both technical and non-technical stakeholders. He has a diverse background encompassing various domains of cyber security and holds a bachelor’s degree in Cybersecurity Engineering.
Share :
Table of Contents
Categories
Subscribe to our Monthly Newsletter