Exploit available for new critical TeamCity auth bypass bug, patch now
A critical vulnerability in the TeamCity On-Premises CI/CD solution from JetBrains can let a remote unauthenticated attacker take control of the server with administrative permissions.
"Compromising a TeamCity server allows an attacker full control over all TeamCity projects, builds, agents and artifacts, and as such is a suitable vector to position an attacker to perform a supply chain attack" - Rapid7.
Rapid7 demonstrated the severity of the flaw by creating an exploit that generated an authentication and allowed them to get shell access on the target TeamCity server.
If this is not currently possible, a security patch plugin is available for TeamCity 2018.2 and newer as well as for TeamCity 2018.1 and older.