JetBrains releases security fixes for TeamCity CI/CD system

news

Mar 12, 20241 min

Two critical security vulnerabilities discovered by Rapid7 could allow an attacker to gain administrative control of TeamCity On-Premises servers.

Digital bugs amid binary code. [security threats / malware / breach / hack / attack]

JetBrains has released fixes for two critical security vulnerabilities in its TeamCity On-Premises CI/CD system discovered by cybersecurity company Rapid7.

The two vulnerabilities reported in late-February by Rapid7 would enable an authenticated attacker with HTTP(S) access to a TeamCity On-Premises server to bypass authentication checks and gain administrative control. These vulnerabilities affected all TeamCity On-Premises versions through 2023.11.3, but have been fixed in TeamCity On-Premises 2023.11.4. For users unable to update their server to version 2023.11.4, JetBrains also released a security patch plugin.

JetBrains urges TeamCity On-Premises customers to update to 2023.11.4 now or install the security patch immediately.

SecurityBuild AutomationDevopsApplication SecuritySoftware Development

by Paul Krill

Editor at Large

Follow Paul Krill on X

Paul Krill is editor at large at InfoWorld. Paul has been covering computer technology as a news and feature reporter for more than 35 years, including 30 years at InfoWorld. He has specialized in coverage of software development tools and technologies since the 1990s, and he continues to lead InfoWorld’s news coverage of software development platforms including Java and .NET and programming languages including JavaScript, TypeScript, PHP, Python, Ruby, Rust, and Go. Long trusted as a reporter who prioritizes accuracy, integrity, and the best interests of readers, Paul is sought out by technology companies and industry organizations who want to reach InfoWorld’s audience of software developers and other information technology professionals. Paul has won a “Best Technology News Coverage” award from IDG.

Show me more

Topics

About

Policies

Our Network

More

JetBrains releases security fixes for TeamCity CI/CD system

Two critical security vulnerabilities discovered by Rapid7 could allow an attacker to gain administrative control of TeamCity On-Premises servers.

More from this author

Google adds vibe design to Stitch UI design tool

OpenAI buys Python tools builder Astral

Java future calls for boosts with records, primitives, classes

Edge.js launched to run Node.js for AI

Project Detroit, bridging Java, Python, JavaScript, moves forward

JDK 26: The new features in Java 26

Oracle unveils the Java Verified Portfolio

Gemini CLI introduces plan mode

Show me more

OpenAI’s desktop superapp: The end of ChatGPT as we know it?

Google’s Stitch UI design tool is now AI-powered

Stop using AI to submit bug reports, says Google

How to build desktop apps in Typescript with Electrobun

Write and run assembly in Python with Copapy

Run AI Models Locally on Your PC — No Cloud Required (LM Studio Guide)