Dive Brief:
- JetBrains is warning of a critical security vulnerability in TeamCity On-Premises, which was disclosed by an external researcher on Jan. 19. The vulnerability has a CVSS score of 9.8.
- Through the vulnerability, assigned CVE-2024-23917, an attacker with HTTP(S) access to a TeamCity server can bypass authentication checks and gain administrative control over the server, JetBrains said Monday.
- The vulnerability marks the latest security issue for JetBrains TeamCity, which was the subject of a December warning from U.S., U.K. and Polish authorities. Midnight Blizzard, the threat group linked to the 2020 Sunburst supply chain attacks, previously targeted unpatched TeamCity servers across the globe.
Dive Insight:
JetBrains, a vendor of software development tools, says its products are used by more than 15.9 million developers around the world and by 90% of the Fortune 100.
The vulnerability affects TeamCity On-Premises versions 2017.1 through 2023.11.2. The company is urging all customers to upgrade to version 2023.11.3, where the vulnerability has been fixed.
For customers unable to upgrade, the company has released a security plugin that can be used to patch existing environments. JetBrains said TeamCity Cloud servers have already been patched and no related activity has been linked to the cloud version.
Customers with internet-facing servers that can’t upgrade or get access to the plugin should temporarily disconnect until they have completed all mitigation steps, the company said.
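As an added example (not from the article or from JetBrains), a small triage script that checks reported TeamCity On-Premises version strings against the affected range and fix version given above; the hostnames, versions and build suffix in the sample inventory are constructed.

```python
# Added example: triage TeamCity On-Premises versions against the range the
# advisory gives for CVE-2024-23917 (2017.1 through 2023.11.2, fixed in 2023.11.3).
from typing import Dict, Tuple

AFFECTED_FROM = (2017, 1, 0)
AFFECTED_TO = (2023, 11, 2)
FIXED_IN = (2023, 11, 3)


def parse_version(version: str) -> Tuple[int, int, int]:
    """Normalise strings such as '2023.11', '2023.11.2' or
    '2023.05.4 (build 12345)' to a (year, minor, patch) tuple."""
    core = version.strip().split()[0]  # drop any trailing '(build NNN)' suffix
    parts = core.split(".")
    if len(parts) not in (2, 3) or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised TeamCity version: {version!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def is_affected(version: str) -> bool:
    """True if the version falls inside the affected range from the advisory."""
    return AFFECTED_FROM <= parse_version(version) <= AFFECTED_TO


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host to 'upgrade' (in the affected range), 'ok' (fixed or newer)
    or 'review' (older than 2017.1, which the advisory does not cover)."""
    result = {}
    for host, version in inventory.items():
        v = parse_version(version)
        if v < AFFECTED_FROM:
            result[host] = "review"
        elif v <= AFFECTED_TO:
            result[host] = "upgrade"
        else:
            result[host] = "ok"
    return result


if __name__ == "__main__":
    # Constructed sample inventory; not real hosts or build numbers.
    sample = {
        "build-01.example.internal": "2023.11.2",
        "build-02.example.internal": "2023.11.3",
        "build-03.example.internal": "2017.1",
        "build-04.example.internal": "2023.05.4 (build 12345)",
        "legacy.example.internal": "10.0.5",
    }
    for host, action in triage(sample).items():
        print(f"{host:28} {sample[host]:26} -> {action}")
```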
JetBrains is not aware of any specific exploitation activity linked to this new vulnerability, a spokesperson said via email. In its blog post, the company said it plans to release additional technical details on the vulnerability.
In October, Microsoft disclosed a prior critical JetBrains vulnerability, tracked as CVE-2023-42793, which state-linked threat actors were exploiting. The hackers, identified as Diamond Sleet and Onyx Sleet and both linked to North Korea, were observed deploying malware.
The threat activity involving Midnight Blizzard, previously known as Nobelium, was seen as preparation for future supply chain attacks.
Midnight Blizzard was linked to a recent campaign where emails were stolen from top executives at Microsoft after a legacy, non-production test tenant was compromised.