📚 On-premises JetBrains TeamCity servers vulnerable to auth bypass (CVE-2024-23917)

JetBrains has patched a critical authentication bypass vulnerability (CVE-2024-23917) affecting TeamCity On-Premises continuous integration and deployment servers. About CVE-2024-23917 CVE-2024-23917 could allow an unauthenticated threat actor with HTTP(S) access to a TeamCity server to bypass authentication controls and gain administrative privileges on the server. The vulnerability was first identified and reported by an external security researcher on January 19, 2024, and affects all versions of TeamCity On-Premises from 2017.1 through 2023.11.2. “We have fixed this … More →

The post On-premises JetBrains TeamCity servers vulnerable to auth bypass (CVE-2024-23917) appeared first on Help Net Security.