Security researchers at Sonar have discovered a “critical” vulnerability in the on-premises version of the TeamCity software distribution system. After a successful attack, attackers can spy on software projects on servers and copy source code.
Software developers use the Java-based TeamCity server during development to provide multiple builds for different operating systems.
Critical security vulnerability
According to a security advisory, the vulnerability (CVE-2023-42793) can serve as an entry point for attackers. Attacks are said to be possible remotely and without authentication. However, attackers must be able to reach a TeamCity server in order to execute malicious code on systems via crafted HTTP(S) requests. Details of how an attack works are not yet known. The security researchers provide further information in an article.
The developers say they have fixed the security issue in release 2023.05.4. All previous versions are said to be affected. According to them, the cloud edition is not vulnerable. So far there are no reports of attacks. Admins should still update the software quickly. For anyone who cannot install the patched version right away, there are two security patch plugins for TeamCity 2018.2 and TeamCity 8.0.
Protect development servers
If TeamCity servers cannot currently be patched and are reachable from the Internet, admins should take them offline for the time being. This approach should apply in general in order to reduce the attack surface. Since some systems have to be accessible from outside, admins should secure access via SSH and strong passwords, for example.
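The update guidance above, applied to a server inventory as an added example (not code from Sonar, the TeamCity developers or the original article). The inventory entries, field names and build number are constructed, and a server counts as patched when its version is 2023.05.4 or later.

```python
import re

# Fixed release named in the article; every earlier version counts as affected.
FIXED = (2023, 5, 4)

def parse_version(text):
    """Parse '2023.05.4', '2018.2' or '2023.05.4 (build N)' into a 3-int tuple."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if m is None:
        raise ValueError(f"unrecognised TeamCity version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def triage(server):
    """Return the action the article's guidance implies for one inventory entry."""
    try:
        version = parse_version(server["version"])
    except ValueError:
        return "check manually"           # never assume an unknown version is safe
    if version >= FIXED:
        return "patched"
    if server.get("patch_plugin"):        # hypothetical flag: security patch plugin installed
        return "plugin installed, plan upgrade"
    if server["internet_facing"]:
        return "take offline until patched"
    return "update or install patch plugin"

# Constructed sample inventory (hypothetical host names, placeholder build number).
INVENTORY = [
    {"name": "ci-main", "version": "2023.05.4 (build 000000)", "internet_facing": True},
    {"name": "ci-legacy", "version": "2018.2", "internet_facing": True},
    {"name": "ci-lab", "version": "2023.05.3", "internet_facing": False},
    {"name": "ci-old", "version": "2022.10.1", "internet_facing": True,
     "patch_plugin": True},
    {"name": "ci-unknown", "version": "unknown", "internet_facing": False},
]

def report(inventory):
    """Map each server name to its triage action."""
    return {server["name"]: triage(server) for server in inventory}

if __name__ == "__main__":
    for name, action in report(INVENTORY).items():
        print(f"{name:12} {action}")
```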