JetBrains urges swift patching of latest critical TeamCity flaw

JetBrains disclosed a critical on-premises TeamCity vulnerability (CVE-2024-23917, provisional CVSS 9.8) affecting versions 2017.1 through 2023.11.2 that can allow unauthenticated remote attackers to gain admin privileges; the issue was patched in 2023.11.3 and administrators are urged to upgrade, apply the security patch plugin, or take public-facing servers offline until remediated. The advisory notes TeamCity Cloud was already patched and references past state-sponsored targeting of TeamCity (CVE-2023-42793) where foreign actors exploited similar flaws to move laterally and deploy backdoors.