Tuesday, December 3, 2024
HomeCyber Security NewsTeamCity Authentication Bypass Flaw Let Attackers Gain Admin Control

TeamCity Authentication Bypass Flaw Let Attackers Gain Admin Control

Published on

SIEM as a Service

A critical security vulnerability was detected in TeamCity On-Premises, tagged as CVE-2024-23917, with a CVSS score of 9.8. An unauthenticated attacker with HTTP(S) access to a TeamCity server may bypass authentication procedures and take administrative control of that TeamCity server if the vulnerability is exploited.

TeamCity is a building management and continuous integration server developed by JetBrains that can be installed on-premises or used as a cloud service.

This particular attack, which is identified as an Authentication Bypass Using an Alternate Path or Channel vulnerability (CWE-288), carries a high risk of damage and exploitability. 

- Advertisement - SIEM as a Service

Remote code execution (RCE) attacks that do not require user input can exploit this vulnerability.

Document
Run Free ThreatScan on Your Mailbox

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .

Affected Versions

All TeamCity On-Premises versions from 2017.1 through 2023.11.2 are vulnerable.

TeamCity Cloud servers have already been patched and have been verified not to be compromised.

Fix Released

The issue has been patched in version 2023.11.3, and JetBrains has notified its customers.

“We strongly advise all TeamCity On-Premises users to update their servers to 2023.11.3 to eliminate the vulnerability,” JetBrains said.

If you are unable to update your server to version 2023.11.3, JetBrains has released a security patch plugin that allows you to continue patching your environment.

Security patch plugin: TeamCity 2018.2+ | TeamCity 2017.1, 2017.2, and 2018.1

“If your server is publicly accessible over the internet and you are unable to take one of the above mitigation steps immediately, we recommend temporarily making it inaccessible until mitigation actions have been completed,” the company said.

As per the findings of the Shadowserver report, more than 45,000 instances of Jenkins were found to be vulnerable to an arbitrary file read vulnerability.

This flaw could potentially allow unauthorized access to sensitive files and data, posing a significant security risk to the affected systems.

It is crucial for Jenkins users to take immediate action to address this vulnerability and implement necessary security measures to safeguard their systems against potential attacks.

A similar vulnerability in the TeamCity On-Premises tracked as CVE-2023-42793 with a CVSS score of 9.8 was identified the previous year. Several nation-state threat actors from North Korea aggressively took advantage of the vulnerability.

These nation-state threat actors have been seen breaking into compromised Windows-based TeamCity environments by using a variety of malware and tools to create backdoors.

Hence, to safeguard their systems against possible exploitation, users should update their servers to this most recent version.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Threat Actors Allegedly Claims Breach of EazyDiner Reservation Platform

Reports have emerged of a potential data breach involving EazyDiner, a leading restaurant reservation...

Salesforce Applications Vulnerability Could Allow Full Account Takeover

A critical vulnerability has been discovered in Salesforce applications that could potentially allow a...

TP-Link HomeShield Function Vulnerability Let Attackers Inject Malicious Commands

A significant vulnerability has been identified in TP-Link's HomeShield function, affecting a range of...

ElizaRAT Exploits Google, Telegram, & Slack Services For C2 Communications

APT36, a Pakistani cyber-espionage group, has recently upgraded its arsenal with ElizaRAT, a sophisticated...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Threat Actors Allegedly Claims Breach of EazyDiner Reservation Platform

Reports have emerged of a potential data breach involving EazyDiner, a leading restaurant reservation...

Salesforce Applications Vulnerability Could Allow Full Account Takeover

A critical vulnerability has been discovered in Salesforce applications that could potentially allow a...

TP-Link HomeShield Function Vulnerability Let Attackers Inject Malicious Commands

A significant vulnerability has been identified in TP-Link's HomeShield function, affecting a range of...