Critical JetBrains TeamCity On-Premises Flaw Exposes Servers to Takeover - Patch Now
ID: f98e2df9-c32e-56ad-a660-7299348e1401
STIX ID: report--f98e2df9-c32e-56ad-a660-7299348e1401
Feed Name: The Hacker News
JetBrains disclosed a critical authentication-bypass vulnerability in TeamCity On-Premises (CVE-2024-23917, CVSS 9.8) that could allow unauthenticated attackers with HTTP(S) access to gain administrative control. The issue impacts versions 2017.1 through 2023.11.2 and is fixed in 2023.11.3; mitigations include updating to 2023.11.3, applying a security patch plugin, or making publicly accessible servers temporarily inaccessible. While there is no evidence of active exploitation so far, a similar past TeamCity vulnerability was rapidly exploited by ransomware and state-aligned actors after disclosure.
