JetBrains Urges Prompt Patching of Latest Critical TeamCity Vulnerability

JetBrains is advising all TeamCity (on-premises) users to swiftly upgrade to the most recent version in response to the disclosure of a critical vulnerability in the CI/CD tool.

Identified as CVE-2024-23917, the vulnerability has been assigned a provisional CVSS score of 9.8 and enables unauthenticated remote attackers to seize control of vulnerable servers with admin privileges.

Daniel Gallo, a solutions engineer at JetBrains, stated in an advisory, "This issue affects all versions from 2017.1 through 2023.11.2. The problem has been addressed in version 2023.11.3. We strongly recommend upgrading as soon as possible."

Only administrators of on-premises servers need to take action, as TeamCity Cloud has already been patched. JetBrains also confirmed that no attacks had been observed against TeamCity Cloud but did not provide similar assurances about the on-premises product.

Patching can be performed by downloading the latest version, utilizing the automatic update feature within TeamCity, or using the security patch plugin, which specifically addresses CVE-2024-23917.

JetBrains advises that it's preferable to upgrade the entire server rather than solely patching the single vulnerability, as users will then receive all other accompanying security fixes.

If, for any reason, patches or mitigations cannot be immediately applied, it is recommended that public-facing TeamCity servers be made inaccessible until the critical flaw is remedied.
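For teams with more than one on-premises server, the affected range and the exposure advice above can be turned into a quick inventory triage. The following is an added example, not JetBrains code; the hostnames, build numbers and version-string formats are constructed assumptions, and any string without a year-style version is flagged for manual review rather than guessed at.

```python
import re

# Range quoted in the advisory: 2017.1 through 2023.11.2, fixed in 2023.11.3.
FIRST_AFFECTED = (2017, 1, 0)
FIXED_IN = (2023, 11, 3)
_VERSION_RE = re.compile(r"\b(\d{4})\.(\d{1,2})(?:\.(\d+))?\b")

def parse_version(text):
    """Return (year, release, patch) found in a version string, or None."""
    m = _VERSION_RE.search(text or "")
    if not m:
        return None
    year, release, patch = m.groups()
    return (int(year), int(release), int(patch or 0))  # "2017.1" == 2017.1.0

def is_affected(text):
    """True or False for a parseable version, None when it cannot be decided."""
    v = parse_version(text)
    if v is None:
        return None
    return FIRST_AFFECTED <= v < FIXED_IN

# Lower rank means more urgent.
RANK = {"upgrade-now-or-isolate": 0, "upgrade": 1, "verify-manually": 2, "ok": 3}

def triage(inventory):
    """Map (host, version_text, public_facing) rows to actions, most urgent first."""
    rows = []
    for host, version_text, public_facing in inventory:
        affected = is_affected(version_text)
        if affected is None:
            action = "verify-manually"
        elif not affected:
            action = "ok"
        else:
            action = "upgrade-now-or-isolate" if public_facing else "upgrade"
        rows.append((host, action))
    return sorted(rows, key=lambda r: (RANK[r[1]], r[0]))

# Constructed sample inventory (hostnames and build numbers are made up).
SAMPLE = [
    ("ci-internal.example", "TeamCity 2023.11.3 (build 000000)", False),
    ("ci-public.example", "2023.11.2", True),
    ("ci-lab.example", "2017.1", False),
    ("ci-legacy.example", "version string missing", True),
]

if __name__ == "__main__":
    for host, action in triage(SAMPLE):
        print(f"{host:22} {action}")
```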

This disclosure follows closely on the heels of revelations that state-sponsored attackers from Russia and North Korea were separately targeting vulnerable TeamCity servers with a similar flaw announced in September.
