The JetBrains Blog

Introduction If you suspect your TeamCity On-Premises server has been compromised through a security vulnerability (such as CVE-2024-27198), and you were unable to patch or upgrade your server prior to the suspected incident, this blog post recommends some of the steps you should take to investig…

Introduction This blog post follows up on the recent TeamCity On-Premises security vulnerabilities notification and the subsequent post that described our timeline for addressing those vulnerabilities. At JetBrains, we adhere to a carefully balanced approach to vulnerability disclosure. We fol…

This is a follow-up to the vulnerability announcement we published on March 4, 2024. It’s important that we properly communicate the timeline for fixing the CVE-2024-27198 and CVE-2024-27199 vulnerabilities from JetBrains’ side. All times below are expressed in CET. February 19 6:54 pm –…

March 5, 2024 update: Please also see this follow-up blog post that describes our insights and timeline for addressing these vulnerabilities. Summary Two additional critical security vulnerabilities have been identified in TeamCity On-Premises. The vulnerabilities were discovered in Februa…

Summary A critical security vulnerability was identified in TeamCity On-Premises (initially discovered and reported by an external security researcher on January 19, 2024). This critical security vulnerability has been assigned the CVE identifier CVE-2024-23917 and presents the weakness CWE-2…

On September 6, 2023, a critical TeamCity On-Premises vulnerability issue (CVE identifier CVE-2023-42793) was discovered by the Sonar team. Here's the most recent update.