Critical internal error in JetBrains TeamCity exposes servers to takeover

TeamCity On-Premises Flaw

JetBrains is alerting customers to a critical security flaw in its TeamCity On-Premises continuous integration and continuous deployment (CI/CD) software that could be exploited by threat actors to take over sensitive instances.

The vulnerability, tracked as CVE-2024-23917has a CVSS rating of 9.8 out of 10, which is an indication of its severity.

“The vulnerability could allow an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication controls and gain administrative control of that TeamCity server,” the company said. said.

The issue affects all TeamCity On-Premises versions from 2017.1 through 2023.11.2. It is fixed in version 2023.11.3. An unnamed third-party security researcher has been credited with discovering and reporting the flaw on January 19, 2024.

Users who are unable to update their servers to version 2023.11.3 can alternately download a security patch plugin to apply fixes for the bug.

“If your server is publicly accessible via the Internet and you cannot immediately take any of the above measures, we recommend that you temporarily make it inaccessible until the measures are completed,” advises JetBrains.

While there is no evidence that the flaw has been exploited in the wild, a similar flaw in the same product (CVE-2023-42793, CVSS score: 9.8) was active by multiple threat actors within days of disclosure last year exploited. included ransomware gangs and state-sponsored groups linked to North Korea and Russia.

#Critical #internal #error #JetBrains #TeamCity #exposes #servers #takeover

Notify of
Inline Feedbacks
View all comments
Previous Post
Dutch Military Network

Chinese hackers abused the FortiGate flaw to breach the Dutch military network

Next Post
Crypto and Credentials

Fake Facebook Job Ads Spreading ‘Ov3r_Stealer’ to Steal Cryptocurrencies and Credentials

Related Posts