
On February 6, 2024, JetBrains disclosed a newly discovered vulnerability in TeamCity On-Premises, its continuous integration and continuous deployment (CI/CD) software, affecting all versions from 2017.1 through 2023.11.2. The flaw is an authentication bypass that could lead to remote code execution. It is tracked as CVE-2024-23917 and has been assigned a CVSS score of 9.8. A patch has been issued; version 2023.11.3 is fixed.
Last December, Russia-nexus actors exploited a separate vulnerability impacting JetBrains TeamCity (CVE-2023-42793). In light of this threat landscape, organizations whose TeamCity On-Premises instances are internet-facing may want to remediate this vulnerability promptly. At report time, however, there is no evidence of active exploitation in the wild.
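To triage an inventory against the version range given above, the following added example (not JetBrains code and not part of the original advisory) classifies reported TeamCity version strings. The function names, hostnames and sample version strings are hypothetical and constructed for illustration; versions older than 2017.1 are reported separately because the advisory makes no statement about them.

```python
import re

# Range stated in the advisory: affected 2017.1 through 2023.11.2, fixed in 2023.11.3.
FIRST_AFFECTED = (2017, 1, 0)
LAST_AFFECTED = (2023, 11, 2)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return (major, minor, patch) from a version string, or None if absent.

    A missing patch component counts as 0, so "2017.1" -> (2017, 1, 0), and
    zero-padded minors such as "2023.05" compare numerically.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def classify(text):
    """Classify one reported version against the advisory's range."""
    v = parse_version(text)
    if v is None:
        return "unknown"  # cannot decide; needs manual review
    if v < FIRST_AFFECTED:
        return "outside-stated-range"  # older than 2017.1; advisory is silent
    if v <= LAST_AFFECTED:
        return "affected"
    return "fixed"


def triage(inventory):
    """Map host -> status for a {host: version string} inventory."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed inventory; hostnames and version strings are hypothetical.
SAMPLE_INVENTORY = {
    "ci-01.example.internal": "2023.11.2",
    "ci-02.example.internal": "TeamCity 2023.11.3",
    "ci-03.example.internal": "2017.1",
    "ci-04.example.internal": "2023.05.4",
    "ci-05.example.internal": "10.0.5",
    "ci-06.example.internal": "n/a",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}\t{status}")
```

Hosts reported as `unknown` or `outside-stated-range` need manual review rather than being treated as safe.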