{"vulnerability": "CVE-2024-23917", "sightings": [{"uuid": "7eb8c62c-ad12-421c-a7bb-bc7034137128", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23917", "type": "exploited", "source": "https://t.me/kasperskyb2b/1129", "content": "\u2755 \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 TeamCity \u2014 \u0433\u043e\u0440\u0435 \u0432 \u0441\u0435\u043c\u044c\u0435 \n\nJetBrains \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u043e \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u043e\u0439 \u0434\u044b\u0440\u0435 \u0432 \u0441\u0432\u043e\u0435\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 CI/CD. \u041e\u0431\u0445\u043e\u0434 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 TeamCity (CVE-2024-23917, CVSS 9.8) \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0430\u0434\u043c\u0438\u043d\u0441\u043a\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u043d\u0430 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 on-premise \u0438 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u0441\u0440\u043e\u0447\u043d\u043e\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e 2023.11.3. \u0422\u0435\u043c, \u043a\u0442\u043e \u043d\u0435 \u043c\u043e\u0436\u0435\u0442 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f, \u043f\u0440\u0435\u0434\u043b\u043e\u0436\u0435\u043d\u044b \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0435 \u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0435 \u043f\u043b\u0430\u0433\u0438\u043d\u044b \u0434\u043b\u044f \u0432\u0435\u0440\u0441\u0438\u0439  TeamCity 2017.1, 2017.2, 2018.1 \u0438 2018.2+. \u0412 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u0430\u043b\u044c\u0442\u0435\u0440\u043d\u0430\u0442\u0438\u0432\u044b \u0441\u0435\u0440\u0432\u0435\u0440 TeamCity \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u043e\u0432\u0430\u043d\u043e \u0438\u0437\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043e\u0442 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430 (\u0430 \u0432 \u0421\u0435\u0442\u0438 \u0438\u0445 \u0432\u0438\u0434\u043d\u043e \u043d\u0435 \u043c\u0435\u043d\u044c\u0448\u0435 \u043f\u0430\u0440\u044b \u0442\u044b\u0441\u044f\u0447).\n\n\u0423\u0447\u0438\u0442\u044b\u0432\u0430\u044f, \u0447\u0442\u043e \u0432 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u0434\u044b\u0440\u044b \u0432 TeamCity \u0431\u044b\u043b\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u043a\u0430\u043a \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u044b\u043c\u0438 \u0448\u043f\u0438\u043e\u043d\u0441\u043a\u0438\u043c\u0438 APT, \u0442\u0430\u043a \u0438 \u0431\u0430\u043d\u0434\u0430\u043c\u0438 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0435\u0439, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0442\u043e\u0442 \u0444\u0430\u043a\u0442, \u0447\u0442\u043e \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u044f TeamCity \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0442\u0440\u043e\u044f\u043d\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u043e\u0435 \u041f\u041e, \u0432\u044b\u043f\u0443\u0441\u043a\u0430\u0435\u043c\u043e\u0435 \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0435\u0439, \u044d\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0443\u0436\u043d\u043e \u043b\u0438\u043a\u0432\u0438\u0434\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u043e \u0431\u044b\u0441\u0442\u0440\u043e. \n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438  @\u041f2\u0422", "creation_timestamp": "2024-02-07T12:24:14.000000Z"}, {"uuid": "b3cd8ace-a523-4c6a-a53d-2075dc8cd60c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23917", "type": "seen", "source": "Telegram/wvqYhx-62f7-fsM-R0V2AdUlmpx5HaZnjuVzaof2IdZDlg", "content": "", "creation_timestamp": "2024-02-07T11:12:12.000000Z"}, {"uuid": "1159339f-3aa2-4dd2-b10b-ef3a15d48cf6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23917", "type": "seen", "source": "https://t.me/thehackernews/4513", "content": "\u26a0\ufe0f Patch Alert \u2192 Critical vulnerability in JetBrains' TeamCity On-Premises (CVE-2024-23917) allows unauthenticated remote attackers to gain administrative control and take over servers. \n \nLearn more: https://thehackernews.com/2024/02/critical-jetbrains-teamcity-on-premises.html", "creation_timestamp": "2024-02-07T06:31:31.000000Z"}, {"uuid": "9e8aa9fe-306b-4649-8244-866b015aceec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23917", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10594", "content": "#exploit\n1. Race condition in 9p file system\nhttps://r00tkitsmm.github.io/fuzzing/2024/05/29/Race-into-9p.html\n\n2. CVE-2024-23917:\nJetbrains TeamCity Auth Bypass\nhttps://blog.0daylabs.com/2024/05/27/jetbrains-teamcity-auth-bypass", "creation_timestamp": "2024-05-31T01:09:23.000000Z"}, {"uuid": "2f86c780-edb7-436d-a65c-564226b5eeae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23917", "type": "seen", "source": "Telegram/L63TmN9MZYgJ5uzLP_gJzN6rQEvxCddtGHZneHKPeoWmrw", "content": "", "creation_timestamp": "2024-02-07T09:05:21.000000Z"}, {"uuid": "6b786b9f-7dde-43f5-955f-4f04fa3ea696", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23917", "type": "published-proof-of-concept", "source": "Telegram/dBS6kdjoRmk3Hn_Yc4eGyAzaLK34GyAdM-jEn-SsO2IGWLU", "content": "", "creation_timestamp": "2024-06-12T15:09:41.000000Z"}, {"uuid": "caf90bab-924f-4774-82d2-716192a491b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23917", "type": "seen", "source": "https://t.me/KomunitiSiber/1452", "content": "Critical JetBrains TeamCity On-Premises Flaw Exposes Servers to Takeover - Patch Now\nhttps://thehackernews.com/2024/02/critical-jetbrains-teamcity-on-premises.html\n\nJetBrains is alerting customers of a critical security flaw in its TeamCity On-Premises continuous integration and continuous deployment (CI/CD) software that could be exploited by threat actors to take over susceptible instances.\nThe vulnerability, tracked as\u00a0CVE-2024-23917, carries a CVSS rating of 9.8 out of 10, indicative of its severity.\n\"The vulnerability may enable an unauthenticated", "creation_timestamp": "2024-02-07T07:53:53.000000Z"}, {"uuid": "ebe1599e-671d-4d91-971a-3baa9fed2d07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23917", "type": "seen", "source": "https://t.me/true_secator/5384", "content": "JetBrains \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442 \u043e\u0431 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 TeamCity, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c\u0438.\n\nCVE-2024-23917 (CVSS 9,8 \u0438\u0437 10) \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 TeamCity On-Premises \u0441 2017.1 \u043f\u043e 2023.11.2 \u0438 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d \u0432 RCE-\u0430\u0442\u0430\u043a\u0430\u0445, \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u044e\u0449\u0438\u0445 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c.\n\n\u041f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u043d\u0430\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u043d\u043e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c \u0432\u0441\u0435\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c TeamCity On-Premises \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u044b \u0434\u043e 2023.11.3 \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u0440\u0438\u0441\u043a\u0430 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a.\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u044b TeamCity Cloud \u0443\u0436\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u0438 \u043d\u0435\u0442 \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u0434\u043e\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044c\u0441\u0442\u0432 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u043e\u043d\u0438 \u0431\u044b\u043b\u0438 \u0430\u0442\u0430\u043a\u043e\u0432\u0430\u043d\u044b.\n\n\u041a\u043b\u0438\u0435\u043d\u0442\u044b, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043d\u0435 \u043c\u043e\u0433\u0443\u0442 \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435, \u043c\u043e\u0433\u0443\u0442 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u043f\u043b\u0430\u0433\u0438\u043d\u043e\u043c \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u043f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c TeamCity 2018.2+ \u0438 TeamCity 2017.1, 2017.2 \u0438 2018.1.\n\n\u0412 \u0441\u0432\u043e\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c, Shadowserver \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 2000 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 TeamCity, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0432 \u0441\u0435\u0442\u0438, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 173 - \u0432 \u0420\u043e\u0441\u0441\u0438\u0438. \u041a\u043e\u043d\u0435\u0447\u043d\u043e, \u043f\u043e\u043a\u0430 \u043d\u0435 \u044f\u0441\u043d\u043e, \u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0438\u0437 \u043d\u0438\u0445 \u043e\u0441\u0442\u0430\u044e\u0442\u0441\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c\u0438, \u043d\u043e \u0441\u0443\u0434\u044f \u043f\u043e \u043e\u043f\u044b\u0442\u0443 \u043c\u043e\u0436\u043d\u043e \u043f\u043e\u043b\u0430\u0433\u0430\u0442\u044c, \u0447\u0442\u043e \u043c\u043d\u043e\u0433\u043e.\n\n\u0423\u0447\u0438\u0442\u044b\u0432\u0430\u044f, \u0447\u0442\u043e \u0430\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u044b\u0439 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u043a \u0432 \u0442\u043e\u043c \u0436\u0435 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0435 (CVE-2023-42793, \u043e\u0446\u0435\u043d\u043a\u0430 CVSS: 9,8) \u0431\u044b\u043b \u0432 \u0441\u0432\u043e\u0435 \u0432\u0440\u0435\u043c\u044f \u0432\u043e\u0441\u0442\u0440\u0435\u0431\u043e\u0432\u0430\u043d \u0445\u0430\u043a\u0435\u0440\u0430\u043c\u0438 \u0434\u043b\u044f \u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u043a\u0438 \u043a \u0430\u0442\u0430\u043a\u0430\u043c \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0443 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a \u041f\u041e, \u043d\u043e\u0432\u0430\u044f \u043e\u0448\u0438\u0431\u043a\u0430, \u0431\u0435\u0437\u0443\u0441\u043b\u043e\u0432\u043d\u043e, \u0431\u0443\u0434\u0435\u0442 \u0442\u0449\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u043f\u0440\u043e\u0430\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043d\u0430 \u0438 \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u043e\u0432\u0430\u043d\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438.\n\n\u0415\u0449\u0435 \u0431\u044b, \u0432\u0435\u0434\u044c \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0443 JetBrains \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0431\u043e\u043b\u0435\u0435 30 000 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439 \u043f\u043e \u0432\u0441\u0435\u043c\u0443 \u043c\u0438\u0440\u0443, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0438 \u0442\u0430\u043a\u0438\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0435 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438, \u043a\u0430\u043a Citibank, Ubisoft, HP, Nike \u0438 Ferrari.", "creation_timestamp": "2024-02-07T08:53:31.000000Z"}, {"uuid": "682e7f9a-28ed-40d6-826e-db6fc9c54cc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23917", "type": "seen", "source": "https://t.me/ctinow/197439", "content": "https://ift.tt/YCsPOaF\nCVE-2024-23917 | JetBrains TeamCity prior 2023.11.3 authentication bypass", "creation_timestamp": "2024-03-01T09:41:43.000000Z"}, {"uuid": "e3a38744-9853-4e67-b38f-d36775a494ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23917", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m3ioph4kf62i", "content": "", "creation_timestamp": "2025-10-18T21:02:28.780604Z"}, {"uuid": "97d0ba55-fd71-4fbd-80a6-b25d308e238c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23917", "type": "seen", "source": "https://t.me/ctinow/179911", "content": "https://ift.tt/uTm1iMk\nCVE-2024-23917", "creation_timestamp": "2024-02-06T11:26:51.000000Z"}, {"uuid": "0c07af1c-3b8a-4db3-801d-90a3c1fa3fdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-23917", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2565", "content": "https://blog.0daylabs.com/2024/05/27/jetbrains-teamcity-auth-bypass/\n\nDiving deep into Jetbrains TeamCity Part 1 - Analysing CVE-2024-23917 leading to Authentication Bypass\n#\u5206\u6790", "creation_timestamp": "2024-05-30T17:08:44.000000Z"}]}