all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Critical JetBrains TeamCity Authentication Bypass (CVE-2024-23917); CISA Adds Chrome Type Confusion to KEV (CVE-2023-4762)

Add to bookmarks
Feb. 7, 2024, 1:05 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

JetBrains recently discovered a critical authentication bypass vulnerability in TeamCity On-Premises servers. This vulnerability could allow attackers to take over vulnerable instances with elevated privileges.


TeamCity is a powerful CI/CD tool, used in automating the Software Development Lifecycle (SDLC) pipeline. It is a popular choice for developers and DevOps teams due to its extensive features, flexibility, and ease of integration.


Due to the vulnerability, tracked as CVE-2024-23917 (CVSS: 9.8), an attacker with HTTP(S) access can bypass authentication checks.


Details …

attackers authentication authentication bypass bypass bypass vulnerability chrome cisa critical cve development jetbrains jetbrains teamcity kev lifecycle pipeline popular privileges sdlc servers software software development teamcity tool type confusion vulnerability vulnerable

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

CISA: Immediate GitLab account takeover flaw remediation crucial amid attacks 36 minutes ago | malware.news
account account takeover agency article +30
Increased stealth introduced in updated Zloader malware 36 minutes ago | malware.news
analysis anti-analysis article banking +18
Enterprise SOHOs subjected to Cuttlefish malware attacks 36 minutes ago | malware.news
april article attacks authentication +20
Dropbox Sign breach impacts customer data 37 minutes ago | malware.news
article breach compromised customer +21
Data breach hits Panda Restaurants 37 minutes ago | malware.news
american article bleepingcomputer breach +19
Qantas inadvertently exposes passenger information 37 minutes ago | malware.news
app article australian carrier +14
New CISA incident reporting draft rule deemed excessive 37 minutes ago | malware.news
agency awareness cisa critical +18
LockBit-hit French hospital rejects ransom payment 37 minutes ago | malware.news
article attack charts cybernews +18
US jails REvil ransomware affiliate for 2021 Kaseya attack 37 minutes ago | malware.news
affiliate article attack cnn +17

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Associate Manager, BPT Infrastructure & Ops (Security Engineer)

@ SC Johnson | PHL - Makati
View on infosec-jobs.com

Cybersecurity Analyst - Project Bound

@ NextEra Energy | Jupiter, FL, US, 33478
View on infosec-jobs.com

Lead Cyber Security Operations Center (SOC) Analyst

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com

Junior Information Security Coordinator (Internship)

@ Garrison Technology | London, Waterloo, England, United Kingdom
View on infosec-jobs.com

Sr. Security Engineer

@ ScienceLogic | Reston, VA
View on infosec-jobs.com
View more jobs