JetBrains has released updates addressing a critical vulnerability (CVE-2024-27198) affecting JetBrains TeamCity On-Premises. The vulnerability is reportedly being actively exploited and has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.
Successful exploitation of the authentication bypass vulnerability could allow an unauthenticated attacker with HTTP(S) access to a TeamCity server to perform remote code execution and gain administrative control over the compromised server.
The vulnerability affects TeamCity On-Premises versions before 2023.11.4.
Users and administrators of affected products are advised to update to the latest version immediately.
More information is available here: