top of page
  • Clipeus

Newly Disclosed Vulnerability in JetBrains TeamCity Raises Cybersecurity Concerns


On February 6, 2024 JetBrains disclosed a newly discovered vulnerability impacting TeamCity On-Premises (all versions from 2017.1 through 2023.11.2) continuous integration and continuous deployment (CI/CD) software due to an authentication bypass potentially leading to remote code execution. The vulnerability is tracked as CVE-2024-23917, and has been assigned a CVSS of 9.8. A patch has been issued; version 2023.11.3 is fixed.


Last December, Russia-nexus actors exploited a separate vulnerability impacting JetBrains TeamCity (CVE-2023-42793). In light of this threat landscape, organizations whose TeamCity On-Premise instances are internet-facing may want to readily remediate this vulnerability. Yet, at report time, there is no evidence of active exploitation in the wild.

Comentarios


Los comentarios se han desactivado.

If you are interested in specifics or additional insights on the threats above or any other threat, please visit our dedicated service page or reach out to info@clipeusintelligence.com with your inquiry. We would be glad to assist you

bottom of page