A serious security vulnerability has been identified in JetBrains’ TeamCity continuous integration and deployment software, allowing unauthenticated attackers to potentially execute remote code on targeted systems. The flaw, tracked as CVE-2023-42793, carries a critical CVSS score of 9.8 and was fixed in TeamCity version 2023.05.4, released following responsible disclosure on September 6, 2023.
According to Sonar security researcher Stefan Schiller, the vulnerability could be exploited to exfiltrate source code, sensitive service credentials, and private keys, allowing attackers to seize control of associated build agents and manipulate build artifacts. Furthermore, its exploitation could grant adversaries access to build pipelines, enabling them to inject arbitrary code, thereby compromising the integrity of operations and posing risks to the supply chain.
This security flaw impacts only on-premises versions of TeamCity. The TeamCity Cloud variant has already been updated with the necessary security fixes. Additional details about the vulnerability have been withheld because it is straightforward to exploit, and Sonar has cautioned that it may soon be weaponized in live attacks.
In an independent advisory, JetBrains has urged users to upgrade promptly. Additionally, it has issued a security patch plugin for TeamCity versions 8.0 and above to mitigate the risk associated with this vulnerability.
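To act on that guidance across more than one server, the following added example (not code from JetBrains or Sonar) triages an inventory of on-premises TeamCity versions against the two thresholds this article gives: the fixed release 2023.05.4 and the 8.0 floor for the patch plugin. The host names, version strings, and function names are constructed for illustration, and the code assumes each reported version string begins with the dotted version number.

```python
import re

FIXED = (2023, 5, 4)   # fixed release named in the article
PLUGIN_MIN = (8, 0, 0) # article: patch plugin covers TeamCity 8.0 and above


def parse_version(text):
    """Return the leading dotted version as a 3+ element int tuple, or None."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text or "")
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    # Pad so that "8" and "8.0" compare equal to (8, 0, 0).
    return parts + (0,) * max(0, 3 - len(parts))


def triage(version_text):
    """Classify one on-premises server by its reported version string."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"             # verify manually, do not assume safe
    if v >= FIXED:
        return "fixed"
    if v >= PLUGIN_MIN:
        return "upgrade-or-plugin"   # upgrade, or apply the patch plugin
    return "below-plugin-range"      # article names no plugin here: upgrade


def triage_inventory(inventory):
    """Group hosts by triage result; inventory maps host -> version string."""
    buckets = {}
    for host, version_text in inventory.items():
        buckets.setdefault(triage(version_text), []).append(host)
    return {k: sorted(v) for k, v in buckets.items()}


# Constructed sample inventory (hypothetical hosts and build suffixes).
SAMPLE = {
    "ci-01.example.internal": "2023.05.3 (build 00000)",
    "ci-02.example.internal": "2023.05.4",
    "ci-03.example.internal": "2017.1.2",
    "ci-04.example.internal": "7.1.5",
    "ci-05.example.internal": "version not reported",
}

if __name__ == "__main__":
    for bucket, hosts in sorted(triage_inventory(SAMPLE).items()):
        print(f"{bucket}: {', '.join(hosts)}")
```

Hosts in the "unknown" bucket should be checked by hand rather than treated as patched.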
The disclosure comes alongside recent reports of two high-severity vulnerabilities in Atos Unify OpenScape products. These vulnerabilities allow low-privileged attackers to execute arbitrary operating system commands as root (CVE-2023-36618) and enable unauthenticated attackers to access various configuration scripts (CVE-2023-36619). Atos patched these vulnerabilities in July 2023, highlighting the ongoing need for vigilance in protecting systems.
Sonar’s recent assessments also spotlight critical cross-site scripting (XSS) vulnerabilities within encrypted email solutions, including Proton Mail and Tutanota. These flaws could have paved the way for malicious actors to hijack email accounts, posing significant risks to user privacy.
Reports indicate that threat actors, including ransomware groups, are actively exploiting the TeamCity vulnerability for malicious purposes. According to sources like GreyNoise and PRODAFT, attempts to exploit this flaw have been observed from multiple IP addresses across Germany, the United States, the Netherlands, Romania, and Denmark, with over 1,200 unique susceptible servers estimated to be at risk.
In summary, the JetBrains TeamCity flaw raises significant cybersecurity concerns for business owners. Exploitation could align with several MITRE ATT&CK techniques, including Initial Access via exploitation of vulnerabilities, Execution of arbitrary code, and possible Privilege Escalation once access is obtained, leading to further system compromise.
For business owners, staying informed and implementing timely updates is crucial in the ever-evolving landscape of cybersecurity threats.