February 6, 2024 at 12:36PM
JetBrains has issued a critical security alert, urging customers to patch their TeamCity On-Premises servers to address a vulnerability (CVE-2024-23917) allowing attackers to gain admin privileges through remote code execution attacks. Customers are advised to update to version 2023.11.3 immediately. An earlier flaw (CVE-2023-42793) has been exploited by various threat actors.
Key Takeaways from the Meeting Notes:
1. JetBrains has announced a critical authentication bypass vulnerability (CVE-2024-23917) affecting TeamCity On-Premises servers from 2017.1 through 2023.11.2. This flaw can lead to remote code execution (RCE) attacks without user interaction.
2. It is strongly advised for all TeamCity On-Premises users to update their servers to version 2023.11.3 to eliminate the vulnerability. Users with servers accessible over the internet are recommended to temporarily make them inaccessible until mitigation actions are completed.
3. Customers who cannot immediately upgrade can use a security patch plugin to secure their servers running specific versions of TeamCity.
4. While TeamCity Cloud servers have been patched, it is unknown if CVE-2024-23917 has been targeted in the wild to hijack Internet-exposed TeamCity On-Premises servers.
5. Another similar authentication bypass flaw (CVE-2023-42793) has been exploited by APT29 hacking group linked to Russia’s Foreign Intelligence Service, ransomware gangs, and North Korean Lazarus and Andariel hacking groups. This flaw has resulted in widespread RCE and backdoor attacks.
6. JetBrains reports that more than 30,000 organizations worldwide use the TeamCity software building and testing platform.
These are the clear takeaways from the meeting notes. Should there be any further action items or details needed, please let me know!