Critical TeamCity Bugs Endanger Software Supply Chain

Cloud versions of the JetBrains TeamCity software development platform manager have already been updated against a new pair of critical vulnerabilities, but on-premises deployments need immediate patching, a security advisory from the vendor warned this week.

This is the second round of critical TeamCity vulnerabilities in the past two months. The ramifications could be wide: The company’s software development lifecycle (SDLC) platform is used across 30,000 organizations, including Citibank, Nike, and Ferrari.

The TeamCity tool manages the software development CI/CD pipeline, which is the process by which code is built, tested, and deployed. The new vulnerabilities, tracked under CVE-2024-27198 and CVE-2024-27199, could allow threat actors to bypass authentication and gain admin control of the victim’s TeamCity server, according to a blog post from TeamCity.

The flaws were found and reported by Rapid7 in February, the company added. The Rapid7 team is poised to release full technical…
