Patch Now: Critical TeamCity Bug Allows for Server Takeovers

JetBrains released fixes for a critical authentication-bypass in TeamCity On-Premises (CVE-2024-23917) affecting versions 2017.1 through 2023.11.2 that could allow unauthenticated remote attackers to gain administrative control; the vendor published an updated release (2023.11.3) and a security-plugin mitigation and urges immediate patching or removal of public access, noting the elevated risk given prior exploitation of TeamCity vulnerabilities by state-sponsored actors.