WARNING: REMOTE CODE EXECUTION IN JETBRAINS TEAMCITY, PATCH IMMEDIATELY!
CVE-2024-23917: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Sources
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23917
Risques
Patching CVE-2024-23917 is highly advised. At the time of writing, there are no mentions of the vulnerability being exploited in the wild. However, a previously disclosed vulnerability in JetBrains TeamCity (CVE-2023-42793) was exploited by threat actors. Given how similar the two vulnerabilities are, the likelihood of CVE-2024-23917 being exploited is very high.
For more information on CVE-2023-42793, please visit our published advisory #2023-119. (See references)
Description
CVE-2024-23917 is a critical vulnerability in Jetbrains TeamCity. It is an authentication bypass that can lead to a Remote Code Execution, giving full access to the administrative control of the TeamCity server. The attacker only needs HTTP(s) access to a TeamCity server for successful exploitation.
The vulnerability has a CVSS3.1 score of 9.8, meaning it is easily exploited over the internet with no user interaction and severe impact in the confidentiality, integrity, and availability of the affected system.
Actions recommandées
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/en/cert/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
Références
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23917
TheRegister: https://www.theregister.com/2024/02/07/jetbrains_teamcity_critical_vuln/
Advisory #2023-119: https://cert.be/en/advisory/warning-authentication-bypass-leading-rce-jetbrains-teamcity-server-currently-exploited