Security News > 2024 > March > Exploit available for new critical TeamCity auth bypass bug, patch now
A critical vulnerability in the TeamCity On-Premises CI/CD solution from JetBrains can let a remote unauthenticated attacker take control of the server with administrative permissions.
"Compromising a TeamCity server allows an attacker full control over all TeamCity projects, builds, agents and artifacts, and as such is a suitable vector to position an attacker to perform a supply chain attack" - Rapid7.
Rapid7 demonstrated the severity of the flaw by creating an exploit that generated an authentication and allowed them to get shell access on the target TeamCity server.
If this is not currently possible, a security patch plugin is available for TeamCity 2018.2 and newer as well as for TeamCity 2018.1 and older.
JetBrains warns of new TeamCity auth bypass vulnerability.
ScreenConnect critical bug now under attack as exploit code emerges.
News URL
Related news
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- GitLab patches critical authentication bypass vulnerabilities (source)
- New SuperBlack ransomware exploits Fortinet auth bypass flaws (source)
- Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters: Are You at Risk? (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks (source)