Feb. 7, 2024, 1:05 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

JetBrains recently discovered a critical authentication bypass vulnerability in TeamCity On-Premises servers. This vulnerability could allow attackers to take over vulnerable instances with elevated privileges.

TeamCity is a powerful CI/CD tool, used in automating the Software Development Lifecycle (SDLC) pipeline. It is a popular choice for developers and DevOps teams due to its extensive features, flexibility, and ease of integration.

Due to the vulnerability, tracked as CVE-2024-23917 (CVSS: 9.8), an attacker with HTTP(S) access can bypass authentication checks.

Details …

attackers authentication authentication bypass bypass bypass vulnerability chrome cisa critical cve development jetbrains jetbrains teamcity kev lifecycle pipeline popular privileges sdlc servers software software development teamcity tool type confusion vulnerability vulnerable

Information Technology Specialist I, LACERA: Information Security Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, CA

Issues Management & Risk Treatment Sr. Consultant

@ Northern Trust | Tempe, AZ Building 2190

Dir. DDIT ISC Enterprise Architecture AppSec

@ Novartis | Hyderabad (Office)

System Access Management Manager

@ Ingram Micro | CA - Irvine, HQ

Oracle Linux Systems Administrator

@ Leidos | 1662 Intelligence Community Campus - Bethesda MD

Senior Systems Engineer - AWS

@ CACI International Inc | 999 REMOTE