JetBrains is alerting consumers of a critical security flaw in its TeamCity On-Premises constant integration and continual deployment (CI/CD) software package that could be exploited by threat actors to take over inclined occasions.
The vulnerability, tracked as CVE-2024-23917, carries a CVSS score of 9.8 out of 10, indicative of its severity.
“The vulnerability could permit an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative command of that TeamCity server,” the corporation explained.
The issue impacts all TeamCity On-Premises versions from 2017.1 through 2023.11.2. It has been tackled in version 2023.11.3. An unnamed exterior security researcher has been credited with identifying and reporting the flaw on January 19, 2024.
People who are unable to update their servers to version 2023.11.3 can alternately down load a security patch plugin to use fixes for the flaw.
“If your server is publicly available above the internet and you are not able to acquire one particular of the over mitigation actions promptly, we advise temporarily building it inaccessible right until mitigation actions have been accomplished,” JetBrains recommended.
Even though there is no proof that the shortcoming has been abused in the wild, a identical flaw in the very same merchandise (CVE-2023-42793, CVSS score: 9.8) arrived less than lively exploitation very last yr inside times of general public disclosure by numerous threat actors, which includes ransomware gangs and point out-sponsored groups affiliated with North Korea and Russia.
Located this posting interesting? Comply with us on Twitter and LinkedIn to browse far more exclusive information we post.
Some pieces of this post are sourced from: