On-premises JetBrains TeamCity servers vulnerable to auth bypass (CVE-2024-23917)

JetBrains has patched a critical authentication bypass vulnerability (CVE-2024-23917) affecting TeamCity On-Premises continuous integration and deployment servers. About CVE-2024-23917 CVE-2024-23917 could allow an unauthenticated threat actor with HTTP(S) access to a TeamCity server to bypass authentication controls and gain administrative privileges on the server. The vulnerability was first identified and reported by an external security researcher on January 19, 2024, and affects all versions of TeamCity On-Premises from 2017.1 through 2023.11.2. “We have fixed this … More →

The post …

access actor administrative privileges auth authentication authentication bypass bypass bypass vulnerability continuous continuous integration controls critical cve deployment don't miss hot stuff http integration jetbrains jetbrains teamcity privileges security update server servers teamcity threat threat actor unauthenticated vulnerability vulnerable