Critical JetBrains TeamCity on-Premises Flaw exposes servers to takeover – Patch Now

JetBrains is alerting customers of a significant safety defect in its TeamCity, based on continuous integration and continuous deployment (CI/CD) software, which can be exploited to handle susceptible examples by actors.

The vulnerability tracked as the CVE-2024-23917 takes a CVSS rating of 9.8 out of 10, a sign of its severity.

The company said, “The vulnerability can enable an informal assailant with HTTP (s) to bypass the investigation of authentication until the TeamCity server and get the administrative control of that TeamCity server,” the company said.

The issue affects all Teamcity on-premises versions via 2017.1 through 2023.11.2. It is addressed in version 2023.11.3. An unnamed external security researcher has been credited with discovering and reporting defects on January 19, 2024.

Users who are unable to update their server to version 2023.11.3 can alternately download a safety patch plugin to apply the fix to the flaw.

“If your server is publicly accessible on the Internet and you are unable to take one of the above mitigation steps immediately, we recommend temporarily to make it inaccessible until mitigation actions are completed,” JetBrains advised.

While there is no evidence that the shortcoming has been abused in the wild, a similar flaw in the same product (CVE-2023-42793, CVSS Score: 9.8) came under active exploitation last year within days of Publish disclosure by multiple threat actors, including Ransomware Gangs and State-Sponsored Groups affiliated with North Korea and Russia.

Related posts

CISA and OpenSSF release framework for package repository security

Kimsuky’s New Golang Stealer ‘Troll’ and ‘GoBear’ Backdoor Targets South Korea

Cloudflare breach: Nation-state hackers access source code and internal documents

1 comment

digital truck scales Iraq December 17, 2024 - 9:46 am
BWER is Iraq’s premier provider of industrial weighbridges, offering robust solutions to enhance efficiency, reduce downtime, and meet the evolving demands of modern industries.
Add Comment

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More