JetBrains releases urgent advisory on vulnerabilities affecting TeamCity

JetBrains warned of two critical vulnerabilities in on-premises TeamCity (CVE-2024-27198, CVE-2024-27199) that can allow unauthenticated HTTP(S) attackers to bypass authentication and gain administrative control or replace server certificates; Rapid7 discovered the issues, urged immediate patching, and a disclosure dispute followed after JetBrains released fixes. Given TeamCity's prior targeting by nation-state actors and the potential for supply-chain compromise, organizations are strongly advised to apply updates or mitigations immediately if servers are internet-accessible.