Yet another JetBrains TeamCity On-Prem vulnerability: CVE-2024-23917 (9.8 critical)
If abused, the flaw may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server.
Why you should care about CVE-2024-23917:
The Russian Foreign Intelligence Service (SVR) exploited a similar JetBrains TeamCity authentication bypass vulnerability, CVE-2023-42793 (9.8 critical), worldwide, as reported in a CISA cybersecurity advisory dated 13 December 2023, less than 2 months ago.