In JetBrains TeamCity prior to 2023.05.4, an authentication bypass leading to RCE on TeamCity Server was possible.
Vulnerable Product: jetbrains teamcity
National security and infosec authorities band together to help victims sniff out stealthy Russian baddies hiding in networks
Updated The offensive cyber unit linked to Russia's Foreign Intelligence Service (SVR) is exploiting the critical vulnerability affecting the JetBrains TeamCity CI/CD server at scale, and has been since September, authorities warn. The news came in an advisory issued by the US' Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), the Polish Military Counterintelligence Service (SKW), CERT Polska (CERT.PL), and the UK's Na...
Cloud version is safe, but no assurances offered about possible on-prem exploits
JetBrains is encouraging all users of TeamCity (on-prem) to upgrade to the latest version following the disclosure of a critical vulnerability in the CI/CD tool. Tracked as CVE-2024-23917, the vulnerability has been assigned a provisional 9.8 CVSS score and allows unauthenticated remote attackers to take over vulnerable servers with admin privileges. "All versions from 2017.1 through 2023.11.2 are affected by this issue," Daniel Gallo, solutions engineer at JetBrains, said in an advisory. "The i...