1000+ JetBrains TeamCity Instances Vulnerable to RCE Bypass Attacks

A critical security vulnerability was detected in TeamCity On-Premises, tagged as CVE-2024-23917, with a CVSS score of 9.8.

An unauthenticated attacker with HTTP(S) access to a TeamCity server may bypass authentication procedures and take administrative control of that TeamCity server if the vulnerability is exploited.

TeamCity is a building management and continuous integration server developed by JetBrains that can be installed on-premises or used as a cloud service.

This attack, identified as an Authentication Bypass Using an Alternate Path or Channel vulnerability (CWE-288), carries a high risk of damage and exploitability. 

Remote code execution (RCE) attacks that do not require user input can exploit this vulnerability.

All TeamCity On-Premises versions from 2017.1 through 2023.11.2 are vulnerable.

TeamCity Cloud servers have already been patched and verified not to be compromised.

Instances Exposed to the Internet

Shadowserver has observed that 1052 vulnerable JetBrains TeamCity Instances were exposed to the Internet.

Most exposed instances are found in the US 332 instances & Germany 120 instances.

The issue has been patched in version 2023.11.3, and JetBrains has notified its customers.

“We strongly advise all TeamCity On-Premises users to update their servers to 2023.11.3 to eliminate the vulnerability,” JetBrains said.

If you are unable to update your server to version 2023.11.3, JetBrains has released a security patch plugin that allows you to continue patching your environment.

Security patch plugin: TeamCity 2018.2+ | TeamCity 2017.1, 2017.2, and 2018.1

“If your server is publicly accessible over the internet and you are unable to take one of the above mitigation steps immediately, we recommend temporarily making it inaccessible until mitigation actions have been completed,” the company said.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.