{"id":1137369,"date":"2024-02-07T08:31:28","date_gmt":"2024-02-07T10:31:28","guid":{"rendered":"https:\/\/teknomers.com\/fr\/une-faille-critique-sur-site-de-jetbrains-teamcity-expose-les-serveurs-a-une-prise-de-controle-corrigez-maintenant\/"},"modified":"2024-02-07T08:31:33","modified_gmt":"2024-02-07T10:31:33","slug":"une-faille-critique-sur-site-de-jetbrains-teamcity-expose-les-serveurs-a-une-prise-de-controle-corrigez-maintenant","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/une-faille-critique-sur-site-de-jetbrains-teamcity-expose-les-serveurs-a-une-prise-de-controle-corrigez-maintenant\/","title":{"rendered":"Une faille critique sur site de JetBrains TeamCity expose les serveurs \u00e0 une prise de contr\u00f4le &#8211; Corrigez maintenant"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">07 f\u00e9vrier 2024<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">R\u00e9daction<\/span><\/span><span class=\"p-tags\">Cybers\u00e9curit\u00e9 \/ S\u00e9curit\u00e9 des logiciels<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/02\/Une-faille-critique-sur-site-de-JetBrains-TeamCity-expose-les.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><\/a><\/div>\n<p>JetBrains alerte ses clients d&#8217;une faille de s\u00e9curit\u00e9 critique dans son logiciel d&#8217;int\u00e9gration et de d\u00e9ploiement continus (CI\/CD) TeamCity On-Premises qui pourrait \u00eatre exploit\u00e9e par des acteurs malveillants pour prendre le contr\u00f4le d&#8217;instances sensibles.<\/p>\n<p>La vuln\u00e9rabilit\u00e9, suivie comme <a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-23917\" target=\"_blank\"><strong>CVE-2024-23917<\/strong><\/a>porte une note CVSS de 9,8 sur 10, indiquant sa gravit\u00e9.<\/p>\n<p>&#8220;La vuln\u00e9rabilit\u00e9 peut permettre \u00e0 un attaquant non authentifi\u00e9 disposant d&#8217;un acc\u00e8s HTTP(S) \u00e0 un serveur TeamCity de contourner les contr\u00f4les d&#8217;authentification et d&#8217;obtenir le contr\u00f4le administratif de ce serveur TeamCity&#8221;, a d\u00e9clar\u00e9 la soci\u00e9t\u00e9. <a rel=\"nofollow noopener\" href=\"https:\/\/blog.jetbrains.com\/teamcity\/2024\/02\/critical-security-issue-affecting-teamcity-on-premises-cve-2024-23917\/\" target=\"_blank\">dit<\/a>.<\/p>\n<p>Le probl\u00e8me affecte toutes les versions de TeamCity On-Premises de 2017.1 \u00e0 2023.11.2.  Ce probl\u00e8me a \u00e9t\u00e9 r\u00e9solu dans la version 2023.11.3.  Un chercheur externe en s\u00e9curit\u00e9 anonyme a \u00e9t\u00e9 reconnu pour avoir d\u00e9couvert et signal\u00e9 la faille le 19 janvier 2024.<\/p>\n<div class=\"check_two clear babsi\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/tl_d2\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/01\/1705402644_392_Le-logiciel-malveillant-Inferno-deguise-en-Coinbase-a-draine-87.jpg\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>Les utilisateurs qui ne parviennent pas \u00e0 mettre \u00e0 jour leurs serveurs vers la version 2023.11.3 peuvent \u00e9galement t\u00e9l\u00e9charger un plugin de correctif de s\u00e9curit\u00e9 pour appliquer des correctifs \u00e0 la faille.<\/p>\n<p>&#8220;Si votre serveur est accessible publiquement sur Internet et que vous ne parvenez pas \u00e0 prendre imm\u00e9diatement l&#8217;une des mesures d&#8217;att\u00e9nuation ci-dessus, nous vous recommandons de le rendre temporairement inaccessible jusqu&#8217;\u00e0 ce que les mesures d&#8217;att\u00e9nuation soient termin\u00e9es&#8221;, a conseill\u00e9 JetBrains.<\/p>\n<p>Bien qu&#8217;il n&#8217;y ait aucune preuve que cette faille ait \u00e9t\u00e9 exploit\u00e9e \u00e0 l&#8217;\u00e9tat sauvage, une faille similaire dans le m\u00eame produit (CVE-2023-42793, score CVSS : 9,8) a \u00e9t\u00e9 activement exploit\u00e9e l&#8217;ann\u00e9e derni\u00e8re quelques jours apr\u00e8s sa divulgation publique par plusieurs acteurs malveillants, y compris <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/PRODAFT\/status\/1708586257444430019\" target=\"_blank\">gangs de ran\u00e7ongiciels<\/a> et des groupes parrain\u00e9s par l\u2019\u00c9tat et affili\u00e9s \u00e0 la Cor\u00e9e du Nord et \u00e0 la Russie.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2024\/02\/critical-jetbrains-teamcity-on-premises.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80207 f\u00e9vrier 2024\ue804R\u00e9dactionCybers\u00e9curit\u00e9 \/ S\u00e9curit\u00e9 des logiciels JetBrains alerte ses clients d&#8217;une faille de s\u00e9curit\u00e9 critique dans son logiciel d&#8217;int\u00e9gration et de d\u00e9ploiement continus (CI\/CD) TeamCity On-Premises qui pourrait \u00eatre exploit\u00e9e par des acteurs malveillants pour prendre le contr\u00f4le d&#8217;instances sensibles. La vuln\u00e9rabilit\u00e9, suivie comme CVE-2024-23917porte une note CVSS de 9,8 sur 10, indiquant sa [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1137370,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[200292,4168,3976,19981,22,4165,4161,200267,16209,9048,206312,4159,4171,65,200271,617,200268,200269,200270,1566,128318,4172,4169,8541,2648,60,206313,196,4166,4164],"class_list":["post-1137369","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-sur-la-cybersecurite","tag-comment-pirater","tag-controle","tag-corrigez","tag-critique","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-cyberactualites","tag-expose","tag-faille","tag-jetbrains","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-les","tag-logiciel-malveillant-rancongiciel","tag-maintenant","tag-mises-a-jour-sur-la-cybersecurite","tag-nouvelles-des-pirates","tag-nouvelles-sur-le-piratage","tag-prise","tag-securite-des-informations","tag-securite-informatique","tag-securite-internet","tag-serveurs","tag-site","tag-sur","tag-teamcity","tag-une","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1137369","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1137369"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1137369\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1137370"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1137369"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1137369"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1137369"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}