Critical Security Issue Affecting TeamCity On-Premises – Update to 2023.05.4 Now

Summary

  • A critical security issue was recently identified in TeamCity On-Premises (initially discovered and reported to us by the team at Sonar).
  • This critical security vulnerability has been assigned the CVE identifier CVE-2023-42793 and presents the weakness CWE-288.
  • The vulnerability may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to perform a remote code execution (RCE) attack and gain administrative control of the TeamCity server.
  • This vulnerability has been fixed in version 2023.05.4.
  • We encourage all users to update their servers to the latest version.
  • For those who are unable to do so, we have released a security patch plugin (details below).

Details

A critical security issue was recently identified in TeamCity On-Premises. If abused, the flaw may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to perform a remote code execution (RCE) attack and gain administrative control of the TeamCity server. 

All versions of TeamCity On-Premises are affected by this critical security vulnerability. It has been assigned the CVE identifier CVE-2023-42793 and presents the weakness CWE-288 (Authentication Bypass Using an Alternate Path or Channel). This issue does not impact TeamCity Cloud, and we have already upgraded TeamCity Cloud servers to the latest version.

We have fixed this vulnerability in version 2023.05.4, and have already notified our customers. We will also be releasing additional technical details of the vulnerability soon. In the meantime, we strongly advise all users of TeamCity On-Premises to update their servers to 2023.05.4 to mitigate the issue.

To update your server, download the latest version (2023.05.4) or use the automatic update option within TeamCity.

If you are unable to update your server to version 2023.05.4, we have also released a security patch plugin so that you can still patch your environment. The security patch plugin can be downloaded using one of the links below and installed on TeamCity 8.0+. It will patch the specific RCE vulnerability described above. For TeamCity 2019.2 and later, the plugin can be enabled without restarting the TeamCity server. For versions older than 2019.2, a server restart is required after the plugin has been installed.

Security patch plugin: for TeamCity 2018.2 to 2023.05.3 | for TeamCity 8.0 to 2018.1

See TeamCity plugin installation instructions for information on installing these plugins.

Important: The security patch plugin will only address the RCE vulnerability described above. We always recommend users upgrade their servers to the latest version to benefit from many other security updates. 

If your server is publicly accessible over the internet and you are unable to perform one of the above mitigation steps immediately, we recommend temporarily making it inaccessible until mitigation actions have been completed.
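To apply the guidance above across a fleet, the following added example (not JetBrains code) classifies each server's version string against the ranges this advisory states: fixed in 2023.05.4, patch plugin builds for 2018.2 to 2023.05.3 and for 8.0 to 2018.1, and a restart needed to enable the plugin below 2019.2. It assumes the dotted numeric version string shown on the server's About page; hostnames in the inventory function are constructed input.

```python
"""Triage TeamCity On-Premises versions against the CVE-2023-42793 advisory.
Ranges are the ones the advisory states: fixed in 2023.05.4; patch plugin
builds for 2018.2-2023.05.3 and 8.0-2018.1; restart needed below 2019.2."""
import re

FIXED = (2023, 5, 4)            # first version with the fix
PLUGIN_NEW_MIN = (2018, 2, 0)   # plugin "for TeamCity 2018.2 to 2023.05.3"
PLUGIN_OLD_MIN = (8, 0, 0)      # plugin "for TeamCity 8.0 to 2018.1"
NO_RESTART_FROM = (2019, 2, 0)  # from here on the plugin enables live


def parse_version(text):
    """'2023.05.3 (build 129321)' -> (2023, 5, 3). Assumes the dotted
    numeric version string shown on the server's About page."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError("no dotted numeric version in %r" % text)
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # pad so 2018.2 == 2018.2.0


def triage(version_text):
    """Return (status, action) for one server. Half-open ranges keep every
    2018.1.x build inside the older plugin's range."""
    v = parse_version(version_text)
    if v >= FIXED:
        return ("patched", "fixed for CVE-2023-42793; no action required")
    if v >= PLUGIN_NEW_MIN:
        plugin = "security patch plugin for TeamCity 2018.2 to 2023.05.3"
    elif v >= PLUGIN_OLD_MIN:
        plugin = "security patch plugin for TeamCity 8.0 to 2018.1"
    else:  # the advisory offers no plugin below 8.0
        return ("affected", "no patch plugin covers versions below 8.0: "
                            "upgrade to 2023.05.4 or take the server offline")
    restart = ("server restart required" if v < NO_RESTART_FROM
               else "no restart needed")
    return ("affected", "upgrade to 2023.05.4; interim: install %s (%s)"
                        % (plugin, restart))


def triage_inventory(lines):
    """Constructed 'hostname version' lines -> [(host, status, action)]."""
    rows = []
    for line in lines:
        host, _, ver = line.strip().partition(" ")
        status, action = triage(ver)
        rows.append((host, status, action))
    return rows
```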

A complete list of recently fixed security issues is available on the Fixed security issues page on the JetBrains website. You can also subscribe to receive notifications about fixes in all JetBrains products via email.

Frequently asked questions

Which versions are affected?

All versions prior to the patched version (2023.05.4) are affected by the issue. We recommend upgrading as soon as possible.

Is TeamCity Cloud affected?

This issue does not impact TeamCity Cloud, and we have already upgraded TeamCity Cloud servers to the latest version.

Is it possible to backport the fix to our version? 

We are not considering backports at this point. Please keep in mind that the plugin we have released mitigates this issue and is compatible with TeamCity 8.0+. 

Support

If you have any questions regarding this issue or encounter problems upgrading, please get in touch with the TeamCity Support team by submitting a ticket.
