Quick look at the Vulnerability found in JetBrains’ CI/CD Server

CVE-2024-23917 is a critical vulnerability discovered in JetBrains’ TeamCity, a popular Continuous Integration and Continuous Delivery (CI/CD) server. This vulnerability allows cyberattacks to bypass authentication and gain administrative control over the server.

The vulnerability has been assigned a severity score of 9.8 (out of 10) by the Common Vulnerability Scoring System (CVSS), indicating its critical nature.

The Vulnerability

The vulnerability affects all versions of JetBrains TeamCity On-Premises from 2017.1 through 2023.11.2. It allows an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks. This can lead to Remote Code Execution (RCE), enabling the attacker to gain administrative control over the server.

Impact of JetBrains Vulnerability

Gaining administrative control over a CI/CD server like TeamCity can have severe implications. It can compromise the security of the Software Development Life Cycle (SDLC) pipelines. The attacker can manipulate the code, initiate unauthorized builds, or even deploy malicious changes to the production environment.

Mitigation of JetBrains Vulnerability

JetBrains has addressed this vulnerability in TeamCity On-Premises version 2023.11.3. Users are advised to update their servers to this version as soon as possible to prevent exploitation. For those unable to update immediately, JetBrains has provided a security patch plugin as a temporary solution.

The TeamCity On-Premises version 2023.11.3 is a bug-fix update that was released to address the critical security vulnerability CVE-2024-23917. This version was released on January 30, 2024. The update includes fixes for various bugs and two security problems. JetBrains highly recommends installing this update as it includes a fix for the critical security vulnerability.

For users who are unable to immediately update their servers to version 2023.11.3, JetBrains has released a security patch plugin. This plugin can be downloaded and installed on TeamCity versions 2017.1 through 2023.11.2. It is designed to patch the vulnerability described above.

The security patch plugin is a temporary solution and JetBrains always recommends upgrading your server to the latest version to benefit from many other security updates. If your server is publicly accessible over the internet and you are unable to take one of the above mitigation steps immediately, JetBrains recommends temporarily making it inaccessible until mitigation actions have been completed.

Prevention

To prevent such vulnerabilities, it’s crucial to implement robust security measures in your CI/CD pipeline. Role-Based Access Control (RBAC) is one such measure that can help prevent unauthorized access. RBAC ensures that only users with appropriate roles can make changes to the code, initiate builds, or deploy to production. It provides fine-grained control over access to various parts of the pipeline, significantly reducing the risk of unauthorized users making changes.

Conclusion

CVE-2024-23917 serves as a stark reminder of the importance of robust security in CI/CD pipelines. Regular updates, vigilant monitoring, and stringent access controls are essential to safeguard these critical systems against potential threats.

By doing so, organizations can safeguard their critical systems against potential threats, ensuring the integrity and security of their software development processes.

---

You think you have a story worth everyone’s time? SUBMIT A STORY and we will publish it