CVE-2024-23917: Critical JetBrains Takeover Vulnerability
Sensors Tech Forum – Milena Dimitrova
Here is a summary of the key points:
– JetBrains has issued an urgent alert about a severe authentication bypass vulnerability (CVE-2024-23917) affecting all versions of TeamCity On-Premises from 2017\)1 through 2023\)11\)2\)
– The flaw allows attackers full admin access without user interaction.
JetBrains urges customers to immediately upgrade to 2023\)11\)3 or restrict internet access until patched.
– Over 2,000 vulnerable TeamCity servers have been exposed online historically.
The number still unpatched is unknown.
– This new vulnerability is reminiscent of CVE-2023-42793 exploited by state-sponsored and ransomware hackers for remote code execution since September 2023\)
– TeamCity has over 30,000 organizational customers globally, including major companies in banking, gaming, retail, and automotive industries.
– Patching CVE-2024-23917 is critical to prevent potential compromise of networks and software supply chains.
In summary, the vulnerability enables administrative takeover of a popular software development platform used by thousands of organizations.
Prompt vendor-recommended patching is vital to thwarting cyber attacks.
Link: https://sensorstechforum.com/cve-2024-23917-jetbrains-teamcity-on-premises