Software developers working with Jet Brains TeamCity should update the continuous integration and deployment tool in the on-premises version for security reasons. The developers have two “critical“Security gaps closed.
Advertisement
Unauthorized admin access
In a post, those responsible state that attackers can bypass registration and gain admin rights without authentication with HTTP(S) access to TeamCity servers. To give admins time to patch, there are currently no technical details on how to exploit the two vulnerabilities (CVE-2024-27198, CVE-2024-27199).
Die On-Premises-Version 2023.11.4 is prepared against it. All previous editions are said to be vulnerable. TeamCity in the cloud should already be secured. If admins are currently unable to install the secured edition, Jet Brains has released Security Patch Plugins (TeamCity 2018.2 and newer and TeamCity 2018.1 and older). Installation instructions are available in the support area.
(of the)