The Download
If you run on-premise software for SDLC from JetBrains, this vulnerability is worth paying attention to. TeamCity software is used by major companies for software development lifecycle (SDLC) CI/CD management and harkens back to on-premise software still prevalent in enterprises. The vulnerability, tracked as CVE-2024-23917, allows unauthenticated remote hackers to execute code and takeover the system. Once an on-premise server is compromised, it can infect other devices on the network, particularly other machines that connect to it.
Why does this vulnerability matter? TeamCity has some history with vulnerable software getting exploited by nation state adversaries. The firms that run their software are fairly large organizations and as such are attractive targets. In 2023, North Korean hacker groups tracked as Diamond Sleet and Onyx Sleet by Microsoft compromised TeamCity to compromise the server for data theft, espionage and financially motivated crime. Likewise CozyBear/APT29/MidnightBlizzard have also compromised vulnerability CVE-2023-42793. These groups are ready to pounce on exploitable vulnerabilities in TeamCity.
Take Action
To avoid network compromise, you need to scan behind the firewall for the presence of TeamCity on-premise software. Often times IT shops will ignore or delay patching vulnerable software behind the firewall as it seemingly is less vulnerable to attack. However, phishing is an easy beachhead onto a network from where the adversary can scan the network and find vulnerable servers like TeamCity and then leverage that to compromise more data as well as steal valuable assets like code and intellectual property.
To learn more: