JetBrains releases security fixes for TeamCity CI/CD system

Two critical security vulnerabilities discovered by Rapid7 could allow an attacker to gain administrative control of TeamCity On-Premises servers.

JetBrains has released fixes for two critical security vulnerabilities in its TeamCity On-Premises CI/CD system discovered by cybersecurity company Rapid7.

The two vulnerabilities, reported in late February by Rapid7, would enable an authenticated attacker with HTTP(S) access to a TeamCity On-Premises server to bypass authentication checks and gain administrative control. They affect all TeamCity On-Premises versions through 2023.11.3 and have been fixed in TeamCity On-Premises 2023.11.4. For users unable to update their server to version 2023.11.4, JetBrains also released a security patch plugin.

JetBrains urges TeamCity On-Premises customers to update to 2023.11.4 now or install the security patch immediately.

Copyright © 2024 IDG Communications, Inc.