all InfoSec news
Critical JetBrains TeamCity Authentication Bypass (CVE-2024-23917); CISA Adds Chrome Type Confusion to KEV (CVE-2023-4762)
Malware Analysis, News and Indicators - Latest topics malware.news
JetBrains recently discovered a critical authentication bypass vulnerability in TeamCity On-Premises servers. This vulnerability could allow attackers to take over vulnerable instances with elevated privileges.
TeamCity is a powerful CI/CD tool, used in automating the Software Development Lifecycle (SDLC) pipeline. It is a popular choice for developers and DevOps teams due to its extensive features, flexibility, and ease of integration.
Due to the vulnerability, tracked as CVE-2024-23917 (CVSS: 9.8), an attacker with HTTP(S) access can bypass authentication checks.
Details …
attackers authentication authentication bypass bypass bypass vulnerability chrome cisa critical cve development jetbrains jetbrains teamcity kev lifecycle pipeline popular privileges sdlc servers software software development teamcity tool type confusion vulnerability vulnerable