JetBrains is alerting customers to a critical security flaw in its TeamCity On-Premises continuous integration and continuous deployment (CI/CD) software that could be exploited by threat actors to take over vulnerable instances.
The vulnerability, tracked as CVE-2024-23917, carries a CVSS score of 9.8 out of 10, indicative of its severity.
“The vulnerability may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server,” the company said.
The issue affects all TeamCity On-Premises versions from 2017.1 through 2023.11.2. It has been addressed in version 2023.11.3. An unnamed external security researcher has been credited with discovering and reporting the flaw on January 19, 2024.
Users who are unable to update their servers to version 2023.11.3 can alternatively download a security patch plugin that applies fixes for the flaw.
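As an added illustration (not code from the article or from JetBrains), the following Python check walks a server inventory and flags every TeamCity On-Premises version that falls inside the affected range stated above; the hostnames and the build marker in the sample are constructed.

```python
import re

# Affected range (inclusive) and fixed release as stated in the JetBrains advisory.
FIRST_AFFECTED = "2017.1"
LAST_AFFECTED = "2023.11.2"
FIXED_IN = "2023.11.3"

_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)")


def parse_version(text: str) -> tuple[int, ...]:
    """Parse a TeamCity version such as '2023.11.2' or '2017.1' into a comparable tuple.

    A trailing ' (build N)' marker, as TeamCity appends to its displayed version
    (the number used in the sample below is constructed), is ignored; missing
    components are padded with zeros so that '2023.11' compares equal to '2023.11.0'.
    """
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"not a TeamCity version string: {text!r}")
    parts = [int(p) for p in match.group(1).split(".")]
    if len(parts) > 3:
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version: str) -> bool:
    """True if the version lies in the range the advisory lists as vulnerable."""
    return parse_version(FIRST_AFFECTED) <= parse_version(version) <= parse_version(LAST_AFFECTED)


def triage(inventory: dict[str, str]) -> dict[str, str]:
    """Map each host to 'upgrade' (to FIXED_IN, or apply the patch plugin) or 'ok'."""
    return {host: ("upgrade" if is_affected(ver) else "ok") for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and build number are made up for illustration.
    sample = {
        "ci-build01.example.internal": "2023.11.2 (build 147512)",
        "ci-build02.example.internal": "2023.11.3",
        "ci-legacy.example.internal": "2017.1",
        "ci-ancient.example.internal": "2016.3",
    }
    for host, action in triage(sample).items():
        print(f"{host}: {action}")
```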
“If your server is publicly accessible over the internet and you are unable to take one of the above mitigation steps immediately, we recommend temporarily making it inaccessible until mitigation steps have been completed,” JetBrains advised.
Although there is no evidence that the flaw has been abused in the wild, a similar flaw in the same product (CVE-2023-42793, CVSS score: 9.8) came under active exploitation last year within days of public disclosure by multiple threat actors, including ransomware gangs and state-sponsored groups affiliated with North Korea and Russia.
Some parts of this article are sourced from:
thehackernews.com