This article covers the previous week's vulnerabilities found to be actively exploited. They are categorised not only by the type of exploitation, but also by their impact and the versions affected. The article also summarises any official fix and remediation guidance for the listed vulnerabilities.
Category: Authentication & Session Management
All JetBrains TeamCity On-Premises installations through version 2023.11.3.
In JetBrains TeamCity before 2023.11.4 it is possible for threat actors to circumvent the authentication mechanism by sending a crafted request to the web server and gain access to a privileged (administrative) context. The vulnerability bears a strong resemblance to an earlier critical flaw uncovered in TeamCity a few months prior (CVE-2023-42793) but is unrelated.
The vulnerability exists in the jetbrains.buildServer.controllers.BaseController class of the web-openapi.jar library. Its getJspFromRequest method allows an attacker to reach an arbitrary endpoint by manipulating the jsp query parameter of a request to the web server, setting it to the desired path that would normally require authentication. For example, an attacker wanting to access the /app/rest/server endpoint could instead call the REST API without authentication and pass the requested path in as a query parameter, ?jsp=/app/rest/server. The example request would look like http://sw-test.local:8111/sw?jsp=/app/rest/server?.jsp.
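Because the bypass leaves a distinctive trace in the web server's request log (a request whose jsp query parameter points into the authenticated /app/rest/ surface), it can be hunted for retrospectively. The following is an added detection example written for this article, not AppCheck's or JetBrains' own code: it parses combined-format access log lines, extracts the jsp parameter from the request target, and flags any request where that parameter resolves to a REST API path, marking which attempts received a 200 response. The log lines are constructed samples, not from any real incident; the log format, field names and the choice to treat /app/rest/ as the only sensitive prefix are assumptions for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined-log-format request line: client, timestamp, method, target, protocol, status, size.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Authenticated REST surface that the jsp parameter should never be allowed to reach
# (assumed prefix for this example).
REST_PREFIX = "/app/rest/"

# Constructed sample access-log lines (not from any real incident). The second line has
# the request shape described in the article and got a 200; the fourth is an ordinary
# unauthenticated REST call that was refused; the fifth is a second attempt that did not
# receive a 200.
SAMPLE_LOG = """\
203.0.113.5 - - [05/Mar/2024:10:01:02 +0000] "GET /login.html HTTP/1.1" 200 512
203.0.113.5 - - [05/Mar/2024:10:01:09 +0000] "GET /sw?jsp=/app/rest/server?.jsp HTTP/1.1" 200 1840
203.0.113.5 - - [05/Mar/2024:10:01:15 +0000] "GET /overview.html?buildTypeId=Demo HTTP/1.1" 200 7203
198.51.100.7 - - [05/Mar/2024:10:02:30 +0000] "GET /app/rest/server HTTP/1.1" 401 0
198.51.100.7 - - [05/Mar/2024:10:02:45 +0000] "GET /sw?jsp=/app/rest/server?.jsp HTTP/1.1" 404 0
"""


def parse_line(line):
    """Return the fields of one access-log line as a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def jsp_override(target):
    """Return the jsp parameter value when it points into the authenticated REST API,
    otherwise None. parse_qs percent-decodes values, so the comparison is done on the
    decoded path; the parameter name is matched case-insensitively."""
    query = urlsplit(target).query
    for key, values in parse_qs(query, keep_blank_values=True).items():
        if key.lower() != "jsp":
            continue
        for value in values:
            if value.strip().lower().startswith(REST_PREFIX):
                return value
    return None


def scan(log_text):
    """Scan access-log text and return one finding per request whose jsp parameter
    targets the REST API. 'succeeded' marks requests that received a 200 response."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        hit = jsp_override(rec["target"])
        if hit is None:
            continue
        findings.append({
            "client": rec["client"],
            "time": rec["time"],
            "path": urlsplit(rec["target"]).path,
            "jsp": hit,
            "status": rec["status"],
            "succeeded": rec["status"] == 200,
        })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        flag = "SUCCESS" if f["succeeded"] else "attempt"
        print(f"{flag}: {f['client']} at {f['time']} requested {f['path']} "
              f"with jsp={f['jsp']} -> HTTP {f['status']}")
```

Run against a real TeamCity access log, any finding with `succeeded` set to true is the one to escalate: it indicates the bypass reached an authenticated endpoint, and the client address and timestamp give the starting point for reviewing what that session did next (user creation, token issuance, build configuration changes).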
The main remediation is to urgently update impacted TeamCity instances to the patched version that fixes this vulnerability, 2023.11.4. Customers are advised to upgrade to the fixed version either manually, by downloading the latest version (2023.11.4), or by using the automatic update option within TeamCity.
If customers are unable to update servers to version 2023.11.4 immediately, apply the security patch plugin 2024_02.
The TeamCity advisory states that if an impacted server is publicly accessible over the internet and you are unable to perform remediation immediately, it is strongly recommended to make the server inaccessible from the public internet.
NOTE: Remediation of this vulnerability by patching to the specific version indicated may not be sufficient to secure the product against further vulnerabilities discovered in later versions, subsequent to the publication of this guidance. Unless contraindicated, customers are therefore advised to always upgrade to the latest version of the product available.
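The remediation guidance above boils down to three rules per server: fixed version installed, interim plugin applied, or exposed and unmitigated. As an added example that is not part of the article and not a JetBrains tool, the following script turns those rules into an inventory triage: it parses TeamCity version strings, compares them against the 2023.11.4 fix version, and orders servers so that internet-facing, unmitigated instances come first. The inventory records and their field names (name, version, internet_facing, plugin_applied) are constructed for the example and are not any TeamCity data format.

```python
import re

# Version that fixes the bypass and the interim plugin, both as stated in the guidance above.
FIXED_VERSION = (2023, 11, 4)
INTERIM_PLUGIN = "2024_02"


def fmt(version_tuple):
    """(2023, 11, 4) -> '2023.11.4'."""
    return ".".join(str(part) for part in version_tuple)


def parse_version(text):
    """'2023.11.3' -> (2023, 11, 3); '2023.11' -> (2023, 11, 0).
    Any trailing text after the numeric components (a build number, for instance)
    is ignored so that strings copied from the TeamCity UI can be passed directly."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised TeamCity version: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_affected(version):
    """True for every release before the fixed version (i.e. through 2023.11.3)."""
    return parse_version(version) < FIXED_VERSION


def triage(inventory):
    """Return (name, action) pairs ordered by urgency: internet-facing servers with
    no mitigation first, then internal unpatched servers, then servers running the
    interim plugin, then servers already on the fixed version."""
    ranked = []
    for srv in inventory:
        if not is_affected(srv["version"]):
            prio, action = 3, "no action: fixed version already installed"
        elif srv.get("plugin_applied"):
            prio, action = 2, (f"interim plugin {INTERIM_PLUGIN} applied; "
                               f"still schedule upgrade to {fmt(FIXED_VERSION)} or later")
        elif srv.get("internet_facing"):
            prio, action = 0, (f"URGENT: remove from public internet until upgraded "
                               f"to {fmt(FIXED_VERSION)} or later")
        else:
            prio, action = 1, (f"upgrade to {fmt(FIXED_VERSION)} or later "
                               f"(or apply plugin {INTERIM_PLUGIN} as an interim)")
        ranked.append((prio, srv["name"], action))
    ranked.sort()
    return [(name, action) for _, name, action in ranked]


# Constructed sample inventory (hypothetical hostnames, not real servers).
SAMPLE_INVENTORY = [
    {"name": "ci-internal", "version": "2023.11.3", "internet_facing": False, "plugin_applied": False},
    {"name": "ci-public", "version": "2023.05", "internet_facing": True, "plugin_applied": False},
    {"name": "ci-legacy", "version": "2023.11.1", "internet_facing": True, "plugin_applied": True},
    {"name": "ci-new", "version": "2023.11.4", "internet_facing": True, "plugin_applied": False},
]

if __name__ == "__main__":
    for name, action in triage(SAMPLE_INVENTORY):
        print(f"{name}: {action}")
```

The version comparison deliberately pads a two-component version such as 2023.05 with a zero patch level, so older release trains sort before the fix as the affected range ("through version 2023.11.3") requires; in line with the note above, a server on the fixed version is reported as needing no action for this issue only, not as exempt from future upgrades.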
AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations' websites, applications, network, and cloud infrastructure. AppCheck are authorised by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).