Skip to main content
close search
site logo
Dive Brief

JetBrains warns of another critical CVE in on-premises TeamCity servers

The new vulnerability disclosure comes two months after authorities warned of other TeamCity exploitation activity linked to Midnight Blizzard.

Published Feb. 7, 2024
David Jones's headshot
Reporter
Header image for "56% of Business Leaders Are Incorporating AI Into Cybersecurity: Weekly Stat"
Andrew Brookes

Dive Brief:

  • JetBrains is warning of a critical security vulnerability in TeamCity On-Premises, which was disclosed by an external researcher on Jan. 19. The vulnerability has a CVSS score of 9.8.
  • Through the vulnerability, assigned CVE-2024-23917, an attacker with HTTP(S) access to a TeamCity server can bypass authentication checks and gain administrative control over the server, JetBrains said Monday.
  • The vulnerability marks the latest security issue for JetBrains TeamCity, which was the subject of a December warning from U.S., U.K. and Polish authorities. Midnight Blizzard, the threat group linked to the 2020 Sunburst supply chain attacks, previously targeted unpatched TeamCity servers across the globe.

Dive Insight:

JetBrains, a software development platform, is used by more than 15.9 million developers around the world and 90% of the Fortune 100, according to the company.

The vulnerability affects TeamCity On-Premises versions 2017.1 through 2023.11.2. The company is urging all customers to upgrade to version 2023.11.3, where the vulnerability has been fixed. 

For those unable to upgrade, the company has a security plugin that can be used to patch environments. JetBrains said TeamCity Cloud servers are patched and no activity is linked to cloud versions.

Customers with internet-facing servers that can’t upgrade or get access to the plugin should temporarily disconnect until they have completed all mitigation steps, the company said.

JetBrains is not aware of any specific exploitation activity linked to this new vulnerability, a spokesperson said via email. The company said it plans to release additional technical details on the vulnerability, according to the blog.

In October, Microsoft disclosed a prior JetBrains critical vulnerability, listed as CVE-2023-42793, which state-linked threat actors were exploiting. The hackers, identified as Diamond Sleet and Onyx Sleet, linked to North Korea, were observed deploying malware.

The threat activity involving Midnight Blizzard, previously known as Nobelium, was seen as preparation for future supply chain attacks. 

Midnight Blizzard was linked to a recent campaign where emails were stolen from top executives at Microsoft after a legacy, non-production test tenant was compromised.

Filed Under: Vulnerability

Editors' picks

Company Announcements

View all | Post a press release
Torus Unveils Integrated Energy Storage and AI-Driven Cybersecurity Solutions
From Torus
October 24, 2024
Abbott Laboratories Employees Credit Union (“ALEC”) Data Breach Investigation
From Migliaccio and Rathod LLP
October 21, 2024
Mystic Valley Elder Services Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
Clay Platte Family Medicine Data Breach Investigation
From Migliaccio and Rathod LLP
October 21, 2024
Editors' picks
Latest in Vulnerability
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell