"On-Premises JetBrains TeamCity Servers Vulnerable to Auth Bypass"

JetBrains has addressed a critical authentication bypass vulnerability, tracked as CVE-2024-23917, that affects TeamCity On-Premises continuous integration and deployment servers. The vulnerability could enable an unauthenticated threat actor with HTTP(S) access to a TeamCity server to evade authentication controls and gain administrative access on the server. JetBrains TeamCity servers were a popular target for state-sponsored hackers in 2023, exploiting another authentication bypass vulnerability, tracked as CVE-2023-42793. Russian state-sponsored hackers have been exploiting the vulnerability since September 2023. This article continues to discuss the potential exploitation of the critical authentication bypass vulnerability impacting TeamCity On-Premises continuous integration and deployment servers.

Help Net Security reports "On-Premises JetBrains TeamCity Servers Vulnerable to Auth Bypass"

Submitted by grigby1