Advisory

February 07, 2024: JetBrains TeamCity authentication bypass CVE-2024-23917

Summary

Censys is aware that on February 5, 2024, JetBrains announced a critical vulnerability, CVE-2024-23917, that allows an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that server.
According to JetBrains, the issue affects all TeamCity On-Premises versions from 2017.1 through 2023.11.2; it is fixed in 2023.11.3.

Censys’ Rapid Response Team identified 198 publicly exposed affected assets as of February 7, 2024. The risk name and query below identify affected TeamCity assets that are publicly facing and were recently observed in our scans.

Censys ASM Risk Name
JetBrains TeamCity RCE Vulnerability [CVE-2024-23917]

Censys ASM Query

Censys Search Queries are shared directly with Censys customers. If you would like to obtain the Censys query to identify global instances related to this issue, or need help, please contact us.

Recommendations for remediation

Recommendations from JetBrains state that owners of these assets should “update their servers to 2023.11.3 to eliminate the vulnerability.
To update your server, download the latest version (2023.11.3) or use the automatic update option within TeamCity.
If you are unable to update your server to version 2023.11.3, we have also released a security patch plugin so that you can still patch your environment. The security patch plugin can be downloaded using the link below and installed on TeamCity versions 2017.1 through 2023.11.2. It will patch the vulnerability described above. . . .
The security patch plugin will only address the vulnerability described above. We always recommend upgrading your server to the latest version to benefit from many other security updates.
If your server is publicly accessible over the internet and you are unable to take one of the above mitigation steps immediately, we recommend temporarily making it inaccessible until mitigation actions have been completed.
Security patch plugin: TeamCity 2018.2+ | TeamCity 2017.1, 2017.2, and 2018.1” (JetBrains)
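The summary gives the affected range (2017.1 through 2023.11.2, fixed in 2023.11.3) and the remediation section splits the security patch plugin by release line (2017.1, 2017.2 and 2018.1 versus 2018.2 and later). The following script, added here as an example and not code from Censys or JetBrains, turns those two statements into a triage check you can run against an inventory of TeamCity version strings. It assumes version strings of the form "2023.11.2" or "2023.11.2 (build N)" as they appear in a server's own banner; the hostnames, build numbers and inventory below are constructed placeholders, and treating bugfix releases such as 2018.1.5 as part of their 2018.1 release line is an assumption.

```python
"""Triage TeamCity On-Premises version strings against the CVE-2024-23917 advisory.

Facts taken from the advisory text:
  * affected: 2017.1 through 2023.11.2
  * fixed:    2023.11.3
  * patch plugin builds: one for 2017.1 / 2017.2 / 2018.1, one for 2018.2+
Everything else (banner format, hostnames, build numbers) is a constructed assumption.
"""
import re
from typing import List, Optional, Tuple

AFFECTED_MIN = (2017, 1, 0)  # first affected release (2017.1)
FIXED = (2023, 11, 3)        # first release that contains the fix
LEGACY_PLUGIN_LINES = {(2017, 1), (2017, 2), (2018, 1)}  # release lines served by the older plugin

# Year-based TeamCity versions: YYYY.minor or YYYY.minor.patch, optionally followed
# by text such as "(build 12345)". Older non-year schemes (e.g. "10.0") deliberately
# do not match and are reported as unknown rather than guessed.
_VERSION_RE = re.compile(r"\b(\d{4})\.(\d+)(?:\.(\d+))?\b")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Extract (year, minor, patch) from a banner or version string; None if absent."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    year, minor, patch = m.groups()
    return (int(year), int(minor), int(patch or 0))


def classify(text: str) -> str:
    """Map a version string to an action label derived from the advisory."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    if v < AFFECTED_MIN:
        return "outside-range-older"  # before 2017.1; not listed as affected by JetBrains
    if v >= FIXED:
        return "fixed"
    # Still in the affected window: upgrade to 2023.11.3, or install the plugin
    # that matches the release line if upgrading is not immediately possible.
    if v[:2] in LEGACY_PLUGIN_LINES:
        return "affected-plugin-2017.1-2018.1"
    return "affected-plugin-2018.2+"


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Return (host, label) for every host whose reported version still needs action."""
    results = []
    for host, banner in inventory:
        label = classify(banner)
        if label.startswith("affected") or label == "unknown":
            results.append((host, label))
    return results


# Constructed sample inventory; hostnames and build numbers are placeholders.
SAMPLE_INVENTORY = [
    ("ci-a.example.test", "TeamCity Enterprise 2023.11.2 (build 100001)"),
    ("ci-b.example.test", "2018.1.5"),
    ("ci-c.example.test", "2023.11.3 (build 100002)"),
    ("ci-d.example.test", "2016.2"),
    ("ci-e.example.test", "no version advertised"),
]

if __name__ == "__main__":
    for host, label in triage(SAMPLE_INVENTORY):
        print(f"{host}: {label}")
```

Hosts labelled "unknown" are kept in the triage output on purpose: a server that hides its version is not evidence that it is patched, so it should be confirmed by hand rather than dropped from the list.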
