JetBrains warns of new TeamCity auth bypass vulnerability

JetBrains disclosed a critical authentication bypass in TeamCity On-Premises (CVE-2024-23917) affecting versions 2017.1 through 2023.11.2 that can enable unauthenticated remote code execution; users are urged to upgrade to 2023.11.3 or apply vendor patches, and JetBrains reports cloud servers have been patched with no evidence yet of in-the-wild exploitation, though a similar prior vulnerability was exploited by APT29, North Korean groups, and ransomware actors and Shadowserver reports thousands of TeamCity instances exposed online.