On-premises JetBrains TeamCity servers vulnerable to auth bypass (CVE-2024-23917)

JetBrains has patched a critical authentication bypass vulnerability (CVE-2024-23917) affecting TeamCity On-Premises continuous integration and deployment servers.


About CVE-2024-23917

CVE-2024-23917 could allow an unauthenticated threat actor with HTTP(S) access to a TeamCity server to bypass authentication controls and gain administrative privileges on the server.

The vulnerability was first identified and reported by an external security researcher on January 19, 2024, and affects all versions of TeamCity On-Premises from 2017.1 through 2023.11.2.

“We have fixed this vulnerability in version 2023.11.3 and have already notified our customers. We will also release additional technical details of the vulnerability shortly. In the meantime, we strongly advise all TeamCity On-Premises users to update their servers to 2023.11.3 to eliminate the vulnerability,” the company noted.

For those who can’t update to the fixed version, the company has released a security patch plugin (that addresses only CVE-2024-23917). Internet-facing servers should be made temporarily inaccessible until the patches have been applied.
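As an added example (not JetBrains' code or part of the advisory), the following Python script triages an inventory of TeamCity servers against the version range stated above: it parses version strings, flags those in the affected range, and applies the advice that internet-facing servers be isolated until updated. Hostnames, version strings and the inventory format are constructed assumptions; the security patch plugin does not change the reported version, so servers protected by it must be tracked separately.

```python
import re

# Version boundaries as stated in the JetBrains advisory for CVE-2024-23917.
FIRST_AFFECTED = (2017, 1, 0)
LAST_AFFECTED = (2023, 11, 2)
FIXED = (2023, 11, 3)

def parse_version(text):
    """Parse a TeamCity version string such as '2023.11.2' or
    '2023.11.2 (build 12345)' into a comparable (major, minor, patch) tuple.
    Missing components count as 0, so '2023.11' sorts as 2023.11.0."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised TeamCity version: {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())

def is_affected(version):
    """True if the version falls inside the advisory's affected range."""
    return FIRST_AFFECTED <= parse_version(version) <= LAST_AFFECTED

def triage(inventory):
    """Map each server to the action the advisory implies.
    inventory: list of (hostname, version_string, internet_facing).
    Note: a server running the security patch plugin still reports its
    old version, so track plugin deployment outside this check."""
    actions = {}
    for host, version, internet_facing in inventory:
        if parse_version(version) >= FIXED:
            actions[host] = "patched"
        elif is_affected(version) and internet_facing:
            actions[host] = "isolate from internet, then update to 2023.11.3"
        elif is_affected(version):
            actions[host] = "update to 2023.11.3"
        else:
            actions[host] = "below stated range; verify support status"
    return actions

# Constructed sample inventory (hypothetical hostnames, versions, exposure).
SAMPLE_INVENTORY = [
    ("ci-build-01.example.internal", "2023.11.2 (build 12345)", True),
    ("ci-build-02.example.internal", "2022.04.1", False),
    ("ci-build-03.example.internal", "2023.11.3", True),
    ("ci-legacy.example.internal", "10.0.5", False),
]

if __name__ == "__main__":
    for host, action in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {action}")
```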

“TeamCity Cloud servers have already been patched and we have verified that they weren’t attacked,” the company shared.

JetBrains’ advisory didn’t mention whether the vulnerability is being leveraged to target vulnerable on-premises servers.

JetBrains TeamCity servers under attack

JetBrains TeamCity servers were a popular target for various state-sponsored hacking groups last year. Those attackers leveraged another authentication bypass vulnerability (CVE-2023-42793) affecting TeamCity On-Premises servers.

Russian state-sponsored hackers have been leveraging that vulnerability since September 2023, and North Korean hackers have been exploiting it since early October 2023.
