JetBrains is alerting consumers of a critical security flaw in its TeamCity On-Premises constant integration and continual deployment (CI/CD) software package that could be exploited by threat actors to take over inclined occasions.
The vulnerability, tracked as CVE-2024-23917, carries a CVSS score of 9.8 out of 10, indicative of its severity.
“The vulnerability could permit an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative command of that TeamCity server,” the corporation explained.
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
The issue impacts all TeamCity On-Premises versions from 2017.1 through 2023.11.2. It has been tackled in version 2023.11.3. An unnamed exterior security researcher has been credited with identifying and reporting the flaw on January 19, 2024.
People who are unable to update their servers to version 2023.11.3 can alternately down load a security patch plugin to use fixes for the flaw.
“If your server is publicly available above the internet and you are not able to acquire one particular of the over mitigation actions promptly, we advise temporarily building it inaccessible right until mitigation actions have been accomplished,” JetBrains recommended.
Even though there is no proof that the shortcoming has been abused in the wild, a identical flaw in the very same merchandise (CVE-2023-42793, CVSS score: 9.8) arrived less than lively exploitation very last yr inside times of general public disclosure by numerous threat actors, which includes ransomware gangs and point out-sponsored groups affiliated with North Korea and Russia.
Located this posting interesting? Comply with us on Twitter and LinkedIn to browse far more exclusive information we post.
Some pieces of this post are sourced from:
thehackernews.com
Beware: Fake Facebook Job Ads Spreading ‘Ov3r_Stealer’ to Steal Crypto and Credentials