JetBrains urges swift patching of latest critical TeamCity flaw
2024-02-07 12:33

JetBrains is encouraging all users of TeamCity to upgrade to the latest version following the disclosure of a critical vulnerability in the CI/CD tool.

Only admins of on-prem servers need to take action, since TeamCity Cloud has already been patched.

JetBrains also confirmed that no attacks had been detected against TeamCity Cloud, but made no such assertions about the on-prem product.

Patching can be carried out by downloading the latest version, using the automatic update feature within TeamCity itself, or by using the security patch plugin which addresses CVE-2024-23917 only.

If, for whatever reason, none of the patches or mitigations can be applied immediately, it's recommended that public-facing TeamCity servers be made inaccessible until the critical flaw is addressed.

The disclosure comes just a few months after it was revealed that state-sponsored attackers from Russia and North Korea were separately targeting TeamCity servers vulnerable to a similar flaw announced in September.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/02/07/jetbrains_teamcity_critical_vuln/

Related Vulnerability

DATE: 2024-02-06
CVE: CVE-2024-23917
VULNERABILITY TITLE: Missing Authentication for Critical Function vulnerability in Jetbrains Teamcity (jetbrains, CWE-306)
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible
RISK: critical, 9.8 (network, low complexity)

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Jetbrains 32 28 275 59 16 378