![](https://static.wixstatic.com/media/34c96e_fc9e669952b241fa9039fda38711a63f~mv2.jpg/v1/fill/w_147,h_147,al_c,q_80,usm_0.66_1.00_0.01,blur_2,enc_auto/34c96e_fc9e669952b241fa9039fda38711a63f~mv2.jpg)
On February 6, 2024 JetBrains disclosed a newly discovered vulnerability impacting TeamCity On-Premises (all versions from 2017.1 through 2023.11.2) continuous integration and continuous deployment (CI/CD) software due to an authentication bypass potentially leading to remote code execution. The vulnerability is tracked as CVE-2024-23917, and has been assigned a CVSS of 9.8. A patch has been issued; version 2023.11.3 is fixed.
Last December, Russia-nexus actors exploited a separate vulnerability impacting JetBrains TeamCity (CVE-2023-42793). In light of this threat landscape, organizations whose TeamCity On-Premise instances are internet-facing may want to readily remediate this vulnerability. Yet, at report time, there is no evidence of active exploitation in the wild.