DIVD-2023-00036 - Authentication Bypass in JetBrains TeamCity
|Case lead||Max van der Horst|
|Recommendation||Upgrade by installing the issued patch as soon as possible or apply the provided security patch plugin|
|Patch status||patches available|
|Workaround||Install the JetBrains-provided security patch plugin|
|Last modified||06 Dec 2023 10:43|
A critical security issue was recently identified in TeamCity On-Premises. If abused, the flaw may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to perform a remote code execution (RCE) attack and gain administrative control of the TeamCity server.
JetBrains advises On-Prem users to upgrade to the patch as soon as possible or install the security patch plugin. See the references for the download links.
What we are doing
DIVD is scanning for vulnerable systems. Owners of such systems will receive a notification with this casefile and remediation steps.
|20 Sep 2023||DIVD starts researching this vulnerability.|
|21 Sep 2023||DIVD starts scanning for this vulnerability.|
|27 Sep 2023||First version of this casefile.|
|02 Oct 2023||DIVD identified vulnerable devices|
|02 Oct 2023||DIVD started notifying stakeholders|
|06 Dec 2023||Second round of notifications sent|