JetBrains urges swift patching of latest critical TeamCity flaw

February 7, 2024 at 07:37AM

JetBrains urges all TeamCity (on-prem) users to upgrade to the latest version due to a critical vulnerability (CVE-2024-23917) with a 9.8 CVSS score, allowing unauthenticated remote attackers to seize control of vulnerable servers. This affects versions from 2017.1 to 2023.11.2, patched in 2023.11.3. Admins are advised to upgrade immediately or apply the security patch plugin.

The key points are:

– JetBrains is urging all users of TeamCity (on-prem) to upgrade to the latest version due to a critical vulnerability (CVE-2024-23917) with a provisional 9.8 CVSS score, allowing unauthenticated remote attackers to take over vulnerable servers with admin privileges.
– Versions from 2017.1 through 2023.11.2 are affected, and the issue has been patched in version 2023.11.3.
– Only admins of on-prem servers need to act, since TeamCity Cloud has already been patched.
– JetBrains confirmed no attacks had been detected against TeamCity Cloud but made no assertions about the on-prem product.
– Recommended patching methods include downloading the latest version, using the automatic update feature within TeamCity, or using the security patch plugin addressing CVE-2024-23917.
– Upgrading the whole server is recommended over patching only this vulnerability, because the upgrade also delivers all other security fixes.
– If patches or mitigations can’t be applied immediately, public-facing TeamCity servers should be made inaccessible until the critical flaw is addressed.
– The disclosure follows previous targeting of TeamCity servers through a similar flaw (CVE-2023-42793, also with a 9.8 severity score) by state-sponsored attackers from Russia and North Korea.
– There was no evidence of a SolarWinds-like attack, but Russia’s Foreign Intelligence Service (SVR) exploited the vulnerability to move laterally around victims’ networks and plant backdoors to facilitate follow-on attacks.
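
To turn the version range and the isolation advice above into an inventory check, here is an added example (not JetBrains code). The host names, the version-string format and the inventory layout are constructed assumptions, and the script cannot tell whether the security patch plugin is already installed.

```python
import re

# Affected range and fixed release as stated in the summary above.
FIRST_AFFECTED = (2017, 1, 0)
FIXED = (2023, 11, 3)

# Year-style version such as 2023.11.2 or 2017.1 anywhere in the string.
_VERSION_RE = re.compile(r"(?<!\d)(\d{4})\.(\d{1,2})(?:\.(\d+))?(?!\d)")

def parse_version(text):
    """Return (year, release, bugfix), or None if no year-style version is found."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))

def is_affected(version):
    """True for 2017.1 through 2023.11.2 inclusive."""
    return FIRST_AFFECTED <= version < FIXED

def triage(inventory):
    """Map each host to the action the advisory recommends for it."""
    actions = {}
    for host, version_string, public_facing in inventory:
        version = parse_version(version_string)
        if version is None:
            actions[host] = "verify version manually"
        elif not is_affected(version):
            actions[host] = "outside affected range"
        elif public_facing:
            actions[host] = "upgrade or apply patch plugin now; block public access until done"
        else:
            actions[host] = "upgrade to 2023.11.3 or apply patch plugin"
    return actions

# Constructed sample inventory: (host, reported version string, public-facing?)
SAMPLE = [
    ("ci-01.example.internal", "TeamCity Professional 2023.11.2 (build 000000)", True),
    ("ci-02.example.internal", "2023.11.3", True),
    ("ci-03.example.internal", "2017.1", False),
    ("ci-04.example.internal", "2023.05.4", False),
    ("ci-05.example.internal", "version unavailable", True),
]

if __name__ == "__main__":
    for host, action in triage(SAMPLE).items():
        print(f"{host}: {action}")
```
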
