In JetBrains TeamCity prior to 2023.11.3 authentication bypass leading to RCE was possible
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jetbrains teamcity |
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Cloud version is safe, but no assurances offered about possible on-prem exploits
JetBrains is encouraging all users of TeamCity (on-prem) to upgrade to the latest version following the disclosure of a critical vulnerability in the CI/CD tool. Tracked as CVE-2024-23917, the vulnerability has been assigned a provisional 9.8 CVSS score and allows unauthenticated remote attackers to take over vulnerable servers with admin privileges. "All versions from 2017.1 through 2023.11.2 are affected by this issue," Daniel Gallo, solutions engineer at JetBrains, said in an advisory. "The i...