CVERadar

CVE-2024-23917

Severity: Critical
Vendor: Jetbrains
SVRS: 89/100
CVSSv3: 9.8/10
EPSS: 0.94433/1

CVE-2024-23917: Authentication bypass leading to Remote Code Execution (RCE) in JetBrains TeamCity versions prior to 2023.11.3. This vulnerability allows unauthorized access, potentially enabling attackers to execute arbitrary code on the affected TeamCity server. With a critical SOCRadar Vulnerability Risk Score (SVRS) of 89, this vulnerability demands immediate attention and remediation. Exploitation of CVE-2024-23917 allows threat actors to completely compromise the TeamCity server and potentially pivot to other systems within the network. Given its presence 'In The Wild', organizations using vulnerable TeamCity versions are urged to upgrade to version 2023.11.3 or later immediately to mitigate this significant risk. The high SVRS reflects the elevated risk due to observed exploitation and the severe consequences of a successful attack.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024-02-06

2024-02-09

SOCRadar AI Insight

Description:

CVE-2024-23917 is a critical vulnerability in JetBrains TeamCity, a popular continuous integration and continuous delivery (CI/CD) tool. This vulnerability allows an unauthenticated attacker to bypass authentication and execute arbitrary code on the affected system. The SVRS for this vulnerability is 50, indicating a moderate risk. However, due to the potential impact of this vulnerability, it is still considered a high priority for remediation.

Key Insights:

  1. Authentication Bypass: This vulnerability allows an attacker to bypass authentication and gain unauthorized access to the affected system. This could allow the attacker to access sensitive data, modify or delete files, or even execute arbitrary code.
  2. Remote Code Execution: The attacker can execute arbitrary code on the affected system. This could allow the attacker to install malware, create backdoors, or launch other attacks.
  3. High Impact: This vulnerability could have a significant impact on the affected system. It could lead to data loss, disruption of services, or even complete compromise of the system.

Mitigation Strategies:

  1. Update JetBrains TeamCity: The vendor has released a patch to address this vulnerability. It is recommended that users update to the latest version of JetBrains TeamCity as soon as possible.
  2. Enable Two-Factor Authentication: Two-factor authentication adds an extra layer of security to user accounts. It requires users to provide a second form of identification, such as a code sent to their mobile phone, in addition to their password.
  3. Implement Network Segmentation: Network segmentation can help to limit the impact of a successful attack. By dividing the network into smaller segments, it can make it more difficult for an attacker to move laterally through the network and access other systems.
  4. Educate Users: It is important to educate users about the risks of this vulnerability and how to protect themselves. Users should be aware of the importance of using strong passwords and not clicking on suspicious links or opening attachments from unknown senders.

Additional Information:

  • Threat Actors/APT Groups: There is no information available about specific threat actors or APT groups actively exploiting this vulnerability.
  • Exploit Status: There are no known active exploits for this vulnerability.
  • CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning about this vulnerability.
  • In the Wild: There is no information available about this vulnerability being used in the wild.

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

ISC StormCast for Wednesday, February 7th, 2024
Dr. Johannes B. Ullrich, 2024-02-07 (sans.edu)
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. 40 Years of Viruses; Infected Toothbrushes; TeamCity Vuln; Resume Looters; Malicious Facebook Job Ads
Computer viruses are celebrating their 40th birthday (well, 54th, really) https://isc.sans.edu/diary/Computer%20viruses%20are%20celebrating%20their%2040th%20birthday%20%28well%2C%2054th%2C%20really%29/30624
Three million malware-infected smart toothbrushes used in Swiss DDoS attacks https://www.tomshardware.com/networking/three-million-malware-infected-smart-toothbrushes-used-in-swiss-ddos-attacks-botnet-causes-millions-of-euros-in-damages
Critical Security Issue Affecting TeamCity On-Premises CVE-2024-23917

Critical vulnerability in JetBrains TeamCity On-Premises
CERT.at, 2025-04-01 (cert.at)
The software company JetBrains has published information about a critical vulnerability in JetBrains TeamCity On-Premises. Exploitation of the vulnerability, CVE-2024-23917, allows unauthenticated attackers with HTTP(s) access to a vulnerable TeamCity instance to bypass authentication controls and thereby take over the affected installation completely.

1.791
2024-12-17 (fortiguard.com)
Newly Added (13): Security Vulnerabilities fixed in Adobe ColdFusion APSB24-14; Cleo Harmony CVE-2024-50623 Remote Code Execution Vulnerability; Cleo LexiCom CVE-2024-50623 Remote Code Execution Vulnerability; Cleo VLTrader CVE

JetBrains warns of another critical CVE in on-premises TeamCity servers - Cybersecurity Dive
2024-02-07
Dive Brief: JetBrains is warning of a critical security vulnerability in TeamCity On-Premises, which was disclosed by an external researcher on Jan. 19. The vulnerability has a CVSS score of 9.8. Through the vulnerability, assigned CVE-2024-23917, an attacker with HTTP(S) access to a TeamCity server can bypass authentication checks and gain administrative control over the server, JetBrains said Monday. The vulnerability marks the latest security issue for JetBrains TeamCity, which was the subject of a December warning from U.S., U.K. and
Tags: cve-2023-42793, cve-2024-23917, cves, server

JetBrains TeamCity Mass Exploitation Underway, Rogue Accounts Thrive - Dark Reading
2024-03-07 (google.com)
Attacks targeting two security vulnerabilities in the TeamCity CI/CD platform have begun in earnest just days after its developer, JetBrains, disclosed the flaws on March 3. The attacks include at least one campaign to distribute ransomware, and another in which a threat actor appears to be creating admin users on vulnerable TeamCity instances for potential future use. One of the vulnerabilities (identified as CVE-2024-27198) has a near-maximum severity CVSS rating of 9.8 out of 10 and is an authentication bypass issue in TeamCity's Web

Social Media

Tracked as CVE-2024-23917, the flaw carries a CVSS rating of 9.8 out of 10 https://t.co/oQEwgTeGKo

🚨Alert🚨CVE-2024-23917: In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible 🆕 New research from @0daylabs : Diving deep into Jetbrains #TeamCity Part 1 - Analysing CVE-2024-23917 leading to Authentication Bypass 🔗Learn more… https://t.co/zWzB0cwNtr

Diving deep into Jetbrains TeamCity Part 1 - Analysing CVE-2024-23917 leading to Authentication Bypass https://t.co/DjXTC4LvR6

Just released the first part of a multi-part series on analyzing recent #TeamCity vulnerabilities! Part 1 is all about CVE-2024-23917 and how it leads to Authentication Bypass.

Diving deep into Jetbrains #TeamCity Part 1 - Analysing CVE-2024-23917 leading to Authentication Bypass: https://t.co/v7kf1y724p https://t.co/qYoGo5Liy8

Affected Software

Configuration 1
Type | Vendor | Product
App | Jetbrains | teamcity

References

Reference | Link
[email protected] | https://www.jetbrains.com/privacy-security/issues-fixed/

CWE Details

CWE ID | CWE Name | Description
CWE-288 | Authentication Bypass Using an Alternate Path or Channel | A product requires authentication, but the product has an alternate path or channel that does not require authentication.
CWE-306 | Missing Authentication for Critical Function | The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
