JetBrains has launched fixes for two crucial safety vulnerabilities in its TeamCity On-Premises CI/CD system found by cybersecurity firm Rapid7.
The two vulnerabilities reported in late-February by Rapid7 would allow an authenticated attacker with HTTP(S) entry to a TeamCity On-Premises server to bypass authentication checks and achieve administrative management. These vulnerabilities affected all TeamCity On-Premises variations by 2023.11.3, however have been fastened in TeamCity On-Premises 2023.11.4. For customers unable to replace their server to model 2023.11.4, JetBrains additionally launched a safety patch plugin.
JetBrains urges TeamCity On-Premises clients to replace to 2023.11.4 now or set up the safety patch instantly.
Copyright © 2024 IDG Communications, Inc.
