JetBrains is encouraging all users of TeamCity (on-prem) to upgrade to the latest version following the disclosure of a critical vulnerability in the CI/CD tool.
Tracked as CVE-2024-23917, the vulnerability has been assigned a provisional 9.8 CVSS score and allows unauthenticated remote attackers to take over vulnerable servers with admin privileges.
“All versions from 2017.1 through 2023.11.2 are affected by this issue,” Daniel Gallo, solutions engineer at JetBrains, said in an advisory. “The issue has been patched in 2023.11.3. We recommend upgrading as soon as possible.”