Two critical security vulnerabilities discovered by Rapid7 could allow an attacker to gain administrative control of TeamCity On-Premises servers.
JetBrains has released fixes for two critical security vulnerabilities in its TeamCity On-Premises CI/CD system discovered by cybersecurity company Rapid7.
The two vulnerabilities, reported in late February by Rapid7, would enable an authenticated attacker with HTTP(S) access to a TeamCity On-Premises server to bypass authentication checks and gain administrative control. These vulnerabilities affect all TeamCity On-Premises versions through 2023.11.3 and have been fixed in TeamCity On-Premises 2023.11.4. For users unable to update their server to version 2023.11.4, JetBrains has also released a security patch plugin.
JetBrains urges TeamCity On-Premises customers to update to 2023.11.4 now or install the security patch immediately.