JetBrains Fixes TeamCity’s Critical Authentication Bypass


JetBrains has issued a critical authentication bypass warning for build management server TeamCity, stating that it could be remotely exploited to execute arbitrary code.

Tracked as CVE-2024-23917 (CVSS score of 9.8), the vulnerability affects all TeamCity On-Premises versions from 2017.1 through 2023.11.2 and was found on January 19, 2024. As stated by JetBrains, “if exploited, the vulnerability may allow an unauthorized attacker with HTTP(S) access to a TeamCity server to evade authentication procedures and obtain administrative control of that TeamCity server.”

The release of TeamCity On-Premise version 2023.11.3 resolved the issue. JetBrains claims not to have seen any in-the-wild exploitation of the bug and has already patched TeamCity cloud servers.

Read More: JetBrains Patches Critical Authentication Bypass in TeamCity

For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.`