Governance & Risk Management , Patch Management , Security Operations
JetBrains Patches Authentication Bypass Flaw in TeamCity
Shadowserver Foundation Found Approximately 2,000 Exposed JetBrains ServersSoftware developers are in a race against time to patch a flaw that could result in supply chain attacks, warned the integrated development environment maker JetBrains.
The company on Monday released an urgent patch for a bypass flaw that can allow remote attackers to circumvent authentication checks through an alternative path and gain administrative control of TeamCity, a continuous integration and continuous delivery server that JetBrains makes.
The flaw, tracked CVE-2024-23917, with a CVSS score of 9.8 out of 10, is rated as critical and affects all versions from 2017.1 through 2023.11.2 of the JetBrains TeamCity On-Premises servers. The servers of Cloud TeamCity customers have already been patched, and their instances haven't been attacked, the company said. Ransomware hackers within days began exploiting a TeamCity remote code execution flaw the company disclosed in October (see: Ransomware Actors Exploit Critical Bug, Target DevOps Tool).
The Shadowserver Foundation found approximately 2,000 exposed JetBrains servers.
The U.S. Cybersecurity and Infrastructure Security Agency warned in December that a compromised TeamCity server can provide malicious actors with access to that software developer's source code and signing certificates and give the actor the ability to subvert software compilation and deployment processes.
"If your server is publicly accessible over the internet and you are unable to take one of the above mitigation steps immediately, we recommend temporarily making it inaccessible until mitigation actions have been completed," JetBrains said.
The company said that if a user is unable to update their server, it has released a security patch plug-in.
"Authentication and authorization have been at the top of the OWASP Top Ten for over two decades. And it's obvious that attackers are now focusing on exploiting these critical defenses and gaining administrative access," said Jeff Williams, co-founder and CTO of Contrast Security.
Williams said organizations should conduct penetration testing and code review on their applications and APIs to ensure their authentication and authorization defenses are effective. This process can be informed by runtime security observability tools that detail the use of these defenses across app and API endpoints.