JetBrains warns of new TeamCity auth bypass vulnerability

JetBrains urged customers today to patch their TeamCity On-Premises servers against a critical authentication bypass vulnerability that can let attackers take over vulnerable instances with admin privileges.
Tracked as CVE-2024-23917, this critical severity flaw impacts all versions of TeamCity On-Premises from 2017.1 through 2023.11.2 and can be exploited in remote code execution attacks that don't require user interaction.
Customers who cannot immediately upgrade can also use a security patch plugin to secure servers running TeamCity 2018.2+ and TeamCity 2017.1, 2017.2, and 2018.1.
While the company says that all TeamCity Cloud servers have been patched and there is no evidence they've been attacked, it has yet to reveal if CVE-2024-23917 has been targeted in the wild to hijack Internet-exposed TeamCity On-Premises servers.
Shadowserver is tracking more than 2,000 TeamCity servers exposed online, although there is no way to know how many have already been patched.
A similar authentication bypass flaw tracked as CVE-2023-42793 was exploited by the APT29 hacking group linked to Russia's Foreign Intelligence Service in widespread RCE attacks since September 2023.
Several ransomware gangs have exploited the same vulnerability since early October to breach corporate networks.
According to Microsoft, the North Korean Lazarus and Andariel hacking groups also used CVE-2023-42793 exploits to backdoor victims' networks, likely in preparation for software supply chain attacks.
JetBrains says that more than 30,000 organizations worldwide use TeamCity software building and testing platform, including high-profile companies like Citibank, Ubisoft, HP, Nike, and Ferrari.
45k Jenkins servers exposed to RCE attacks using public exploits.
Cisco warns of critical RCE flaw in communications software.
Critical SonicWall firewall patch not released for all devices.
Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers.
Microsoft discovers critical RCE flaw in Perforce Helix Core Server.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 06 Feb 2024 17:30:10 +0000


Cyber News related to JetBrains warns of new TeamCity auth bypass vulnerability

JetBrains, Rapid7 clash over vulnerability disclosure policies - A dispute between software maker JetBrains and security vendor Rapid7 has highlighted ongoing concerns with coordinated vulnerability disclosure policies and practices. On March 4, JetBrains disclosed two critical vulnerabilities tracked as ...
9 months ago Techtarget.com
Echoes of SolarWinds: JetBrains TeamCity servers under attack by Russia-backed hackers - The SolarWinds hackers are infiltrating JetBrains TeamCity servers via a critical vulnerability enabling authorization bypass and arbitrary code execution, government officials warn. Russian Foreign Intelligence Service-backed threat actor CozyBear ...
1 year ago Packetstormsecurity.com
TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793 - As part of this analysis, we look at threat actor TTPs employed throughout the intrusion and how they were identified and pieced together by the FortiGuard IR team. The following section of this report focuses on the activities of one of these threat ...
1 year ago Feeds.fortinet.com
Threat Groups Rush to Exploit JetBrains' TeamCity CI/CD Security Flaws - The cyberthreats to users of JetBrains' TeamCity CI/CD platform continue to mount a week after the company issued two fixes to security vulnerabilities, with one cybersecurity vendor noting a ransomware attack that included exploiting the flaws for ...
9 months ago Securityboulevard.com
JetBrains warns of new TeamCity auth bypass vulnerability - JetBrains urged customers today to patch their TeamCity On-Premises servers against a critical authentication bypass vulnerability that can let attackers take over vulnerable instances with admin privileges. Tracked as CVE-2024-23917, this critical ...
10 months ago Bleepingcomputer.com
TeamCity Software Vulnerability Exploited Globally - Over the past few days a security breach has transpired, hackers are taking advantage of a significant flaw in TeamCity On-Premises software, allowing them to create unauthorised admin accounts. This flaw, known as CVE-2024-27198, has prompted urgent ...
9 months ago Cysecurity.news
Russian APT exploiting JetBrains TeamCity vulnerability - A known JetBrains TeamCity vulnerability is now being exploited by two nation-state threat groups as some organizations have yet to patch the critical flaw. CISA issued a joint government advisory Wednesday to warn users that a Russian advanced ...
1 year ago Techtarget.com
Weekly Vulnerability Recap 3/11/24: JetBrains & Atlassian Issues - This past week, both JetBrains TeamCity and Atlassian Confluence products have run into more hiccups as their string of vulnerabilities continues. JetBrains and Atlassian users should pay special attention since vulnerabilities continue cropping up ...
9 months ago Esecurityplanet.com
JetBrains vulnerability exploitation highlights debate over 'silent patching' - Czech software giant JetBrains harshly criticized security company Rapid7 this week following a dispute over two recently-discovered vulnerabilities. In a blog post published Monday, JetBrains attributed the compromise of several customers' servers ...
9 months ago Therecord.media
Russian Hackers Exploiting JetBrains Vulnerability to Hack Servers - The Federal Bureau of Investigation, the National Security Agency, and other co-authoring agencies have issued a warning that Russian Foreign Intelligence Service cyber actors are widely exploiting CVE-2023-42793, aiming their attacks at servers that ...
1 year ago Gbhackers.com
JetBrains releases security fixes for TeamCity CI/CD system - Two critical security vulnerabilities discovered by Rapid7 could allow an attacker to gain administrative control of TeamCity On-Premises servers. Editor at Large, InfoWorld| Mar 12, 2024 10:25 am PDT. JetBrains has released fixes for two critical ...
9 months ago Infoworld.com
Global TeamCity Exploitation Opens Door to SolarWinds-Style Nightmare - APT29, the notorious Russian advanced persistent threat behind the 2020 SolarWinds hack, is actively exploiting a critical security vulnerability in JetBrains TeamCity that could open the door to rampant software supply chain attacks. According to ...
1 year ago Darkreading.com
Recent TeamCity Vulnerability Exploited in Ransomware Attacks - A TeamCity vulnerability disclosed recently in controversial circumstances is being exploited in ransomware attacks, according to the product's developer and cybersecurity companies. On March 4, JetBrains, the developer of the TeamCity build ...
9 months ago Securityweek.com
Weekly Vulnerability Recap 2/12/24: Continued Ivanti, JetBrains Issues - This week saw some repeat products from previous vulnerability recaps, such as Ivanti Policy Secure and JetBrains TeamCity servers. Make sure your security teams consistently check vendor bulletins for vulnerability announcements so your business can ...
10 months ago Esecurityplanet.com
JetBrains fingers Rapid7 for customer ransomware attacks The Register - Last week, we wrote about how security outfit Rapid7 threw JetBrains, the company behind the popular CI/CD platform TeamCity, under the bus over allegations of silent patching. The software developer published its side of the story at the time, but ...
9 months ago Go.theregister.com
CISA: Russian hackers target TeamCity servers since September - CISA and partner cybersecurity agencies and intelligence services warned that the APT29 hacking group linked to Russia's Foreign Intelligence Service has been targeting unpatched TeamCity servers in widespread attacks since September 2023. APT29 is ...
1 year ago Bleepingcomputer.com
Russia is exploiting JetBrains TeamCity users at large scale The Register - Updated The offensive cyber unit linked to Russia's Foreign Intelligence Service is exploiting the critical vulnerability affecting the JetBrains TeamCity CI/CD server at scale, and has been since September, authorities warn. Announced in late ...
1 year ago Go.theregister.com
Russian hackers target unpatched JetBrains TeamCity servers - Russian state-sponsored hackers have been exploiting CVE-2023-42793 to target unpatched, internet-facing JetBrains TeamCity servers since September 2023, US, UK and Polish cybersecurity and law enforcement authorities have warned. APT 29, believed to ...
1 year ago Helpnetsecurity.com
North Korean hackers exploit critical TeamCity flaw to breach networks - Microsoft says that the North Korean Lazarus and Andariel hacking groups are exploiting the CVE-2023-42793 flaw in TeamCity servers to deploy backdoor malware, likely to conduct software supply chain attacks. In September, TeamCity fixed a critical ...
1 year ago Bleepingcomputer.com
Russian Cyberspies Exploiting TeamCity Vulnerability at Scale: Government Agencies - The Russian cyberespionage group known as APT29 has been exploiting a recent TeamCity vulnerability on a large scale since September 2023, according to government agencies in the US, UK, and Poland. The issue, tracked as CVE-2023-42793 and impacting ...
1 year ago Securityweek.com
CERT-UA warns of malware campaign conducted by threat actor UAC-0006 - Threat actors may have exploited a zero-day in older iPhones, Apple warns. Microsoft fixed two zero-day bugs exploited in malware attacks. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. Recent DarkGate campaign exploited ...
6 months ago Securityaffairs.com
Sav-Rx data breach impacted over 2.8 million individuals - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks. Microsoft fixed two zero-day bugs exploited in malware ...
6 months ago Securityaffairs.com
Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure - Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution. Fortinet added the two new vulnerabilities tracked as CVE-2024-23108 and CVE-2024-23109 to the original ...
10 months ago Bleepingcomputer.com
BianLian GOs for PowerShell After TeamCity Exploitation - In conjunction with GuidePoint's DFIR team, we responded to an incident that began with the exploitation of a TeamCity server which resulted in the deployment of a PowerShell implementation of BianLian's GO backdoor. The threat actor identified a ...
9 months ago Securityboulevard.com
VMWare discloses critical VCD Appliance auth bypass with no patch - VMware disclosed a critical and unpatched authentication bypass vulnerability affecting Cloud Director appliance deployments. Cloud Director enables VMware admins to manage their organizations' cloud services as part of Virtual Data Centers. The auth ...
1 year ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)