Tuesday, February 27, 2024

TeamCity Authentication Bypass Flaw Let Attackers Gain Admin Control

A critical security vulnerability was detected in TeamCity On-Premises, tagged as CVE-2024-23917, with a CVSS score of 9.8. An unauthenticated attacker with HTTP(S) access to a TeamCity server may bypass authentication procedures and take administrative control of that TeamCity server if the vulnerability is exploited.

TeamCity is a building management and continuous integration server developed by JetBrains that can be installed on-premises or used as a cloud service.

This particular attack, which is identified as an Authentication Bypass Using an Alternate Path or Channel vulnerability (CWE-288), carries a high risk of damage and exploitability. 

Remote code execution (RCE) attacks that do not require user input can exploit this vulnerability.

Run Free ThreatScan on Your Mailbox

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .

Affected Versions

All TeamCity On-Premises versions from 2017.1 through 2023.11.2 are vulnerable.

TeamCity Cloud servers have already been patched and have been verified not to be compromised.

Fix Released

The issue has been patched in version 2023.11.3, and JetBrains has notified its customers.

“We strongly advise all TeamCity On-Premises users to update their servers to 2023.11.3 to eliminate the vulnerability,” JetBrains said.

If you are unable to update your server to version 2023.11.3, JetBrains has released a security patch plugin that allows you to continue patching your environment.

Security patch plugin: TeamCity 2018.2+ | TeamCity 2017.1, 2017.2, and 2018.1

“If your server is publicly accessible over the internet and you are unable to take one of the above mitigation steps immediately, we recommend temporarily making it inaccessible until mitigation actions have been completed,” the company said.

As per the findings of the Shadowserver report, more than 45,000 instances of Jenkins were found to be vulnerable to an arbitrary file read vulnerability.

This flaw could potentially allow unauthorized access to sensitive files and data, posing a significant security risk to the affected systems.

It is crucial for Jenkins users to take immediate action to address this vulnerability and implement necessary security measures to safeguard their systems against potential attacks.

A similar vulnerability in the TeamCity On-Premises tracked as CVE-2023-42793 with a CVSS score of 9.8 was identified the previous year. Several nation-state threat actors from North Korea aggressively took advantage of the vulnerability.

These nation-state threat actors have been seen breaking into compromised Windows-based TeamCity environments by using a variety of malware and tools to create backdoors.

Hence, to safeguard their systems against possible exploitation, users should update their servers to this most recent version.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.


Latest articles

ThreatHunter.ai Stops Hundreds of Attacks in 48 Hours: Fighting Ransomware and Nation-State Cyber Threats

The current large surge in cyber threats has left many organizations grappling for security...

WordPress Plugin Flaw Exposes 200,000+ Websites for Hacking

A critical security flaw has been identified in the Ultimate Member plugin for WordPress,...

Hackers Actively Hijacking ConnectWise ScreenConnect server

ConnectWise, a prominent software company, issued an urgent security bulletin on February 19, 2024,...

Heavily Obfuscated PIKABOT Evades EDR Protection

PIKABOT is a polymorphic malware that constantly modifies its code, making it hard to...

Anonymous Sudan Promoting New DDoS Botnet: Beware

It has come to light that a group known as Anonymous Sudan is actively...

Scattered Spider: Advanced Techniques for Launching High-Profile Attacks

Scattered Spider is a threat group responsible for attacking several organizations since May 2022...

8220 Hacker Group Attacking Linux & Windows Users to Mine Crypto

In a significant escalation of cyber threats, the 8220 Gang, a notorious Chinese-based hacker group, has intensified its attacks...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Live Account Takeover Attack Simulation

Live Account Take Over Attack

Live Webinar on How do hackers bypass 2FA ,Detecting ATO attacks, A demo of credential stuffing, brute force and session jacking-based ATO attacks, Identifying attacks with behaviour-based analysis and Building custom protection for applications and APIs.

Related Articles