CVE-2021-31914 – This vulnerability allows attackers to execute ... (How to Fix)

Q: What is the severity of CVE-2021-31914?

CVE-2021-31914 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows attackers to execute arbitrary code on JetBrains TeamCity servers running on Windows. It affects TeamCity installations before version 2020.2.4 on Windows operating systems, potentially compromising the entire CI/CD pipeline.

📋 TL;DR

This vulnerability allows attackers to execute arbitrary code on JetBrains TeamCity servers running on Windows. It affects TeamCity installations before version 2020.2.4 on Windows operating systems, potentially compromising the entire CI/CD pipeline.

💻 Affected Systems

Products:

JetBrains TeamCity

Versions: All versions before 2020.2.4

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects Windows installations of TeamCity. Linux/macOS installations are not vulnerable.

📦 What is this software?

Teamcity by Jetbrains

View all CVEs affecting Teamcity →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the TeamCity server, allowing attackers to steal source code, deploy malicious builds, pivot to internal networks, and maintain persistent access.

🟠

Likely Case

Attackers gain control of the TeamCity server to execute arbitrary commands, potentially modifying build processes or stealing credentials.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls, but still significant if exploited.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation details are not publicly documented, but the high CVSS score suggests significant impact potential.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2020.2.4 or later

Vendor Advisory: https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/

Restart Required: Yes

Instructions:

1. Backup TeamCity configuration and data. 2. Download TeamCity 2020.2.4 or later from JetBrains website. 3. Stop TeamCity service. 4. Install the updated version. 5. Restart TeamCity service. 6. Verify functionality.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to TeamCity server to only trusted IPs and users.

Operating System Migration

all

Migrate TeamCity installation from Windows to Linux or macOS if possible.

🧯 If You Can't Patch

Implement strict network access controls and firewall rules to limit TeamCity server exposure.
Monitor TeamCity server logs and network traffic for suspicious activity.

🔍 How to Verify

Check if Vulnerable:

Check TeamCity version in Administration → Server Administration → Server Information. If version is below 2020.2.4 and OS is Windows, system is vulnerable.

Check Version:

Check TeamCity web interface at Administration → Server Administration → Server Information

Verify Fix Applied:

Verify TeamCity version is 2020.2.4 or higher in Administration → Server Administration → Server Information.

📡 Detection & Monitoring

Log Indicators:

Unusual process execution on TeamCity server
Suspicious authentication attempts
Unexpected system modifications

Network Indicators:

Unusual outbound connections from TeamCity server
Suspicious inbound traffic to TeamCity ports

SIEM Query:

source="teamcity" AND (event_type="process_execution" OR event_type="authentication_failure")

📊 Metadata

CVE ID: CVE-2021-31914

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Published: May 11, 2021

Last Updated: November 21, 2024

🔗 References

https://blog.jetbrains.com Vendor Advisory
https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/ Vendor Advisory
https://blog.jetbrains.com Vendor Advisory
https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON