CVE-2023-42793: JetBrains TeamCity prior to version 2023.05.4 is affected by CVE-2023-42793, a critical authentication bypass vulnerability that could allow an unauthenticated attacker to achieve remote code execution on the TeamCity server.


Description Preview

This vulnerability is classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel) and permits an unauthenticated attacker to bypass authentication and execute arbitrary code on the TeamCity server over the network. Affected releases are all TeamCity versions prior to 2023.05.4, and successful exploitation yields remote code execution with high impact on confidentiality, integrity, and availability. The CVSS v3.1 base score is 9.8 (CRITICAL): network attack vector, low attack complexity, no privileges required, and no user interaction. JetBrains fixed the issue in 2023.05.4 and later releases; a detailed post-mortem and remediation guidance are available from JetBrains and from the security researchers who reported it.

Overview

This CVE details a critical authentication bypass in JetBrains TeamCity that can lead to remote code execution on the server. The vulnerability affects TeamCity versions preceding 2023.05.4 and is exploitable over the network without any user interaction or prior privileges. With a CVSS v3.1 base score of 9.8, the impact spans confidentiality, integrity, and availability. Patch information and remediation guidance have been published by JetBrains, including a fixed release in 2023.05.4 and subsequent updates.

Remediation

  • Upgrade to TeamCity 2023.05.4 or a later version where the vulnerability is fixed. Plan and perform the upgrade in a controlled maintenance window (backup current data, test the upgrade in a staging environment, then roll out to production).
  • If a quick upgrade is not feasible, implement compensating network controls: place TeamCity behind a firewall or VPN, restrict access to trusted networks, and require strong authentication through a protected reverse proxy or gateway. Consider enabling multi-factor authentication where available and enforcing TLS encryption.
  • Disable or limit unauthenticated access to the TeamCity server and monitor access logs for unusual activity. Apply web application firewall rules to block abuse patterns related to this vulnerability.
  • After remediation, verify that the patch is effective by testing a controlled exploitation scenario in a lab and reviewing server logs for indicators of attempted exploitation. Keep an eye on security advisories and ensure ongoing vulnerability management coverage.
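To support the upgrade and verification steps above, the following added example (not code from Armis or JetBrains) parses TeamCity version strings in the "year.minor.patch (build N)" form and flags every server in a constructed, hypothetical inventory that is still prior to 2023.05.4. A missing patch component is treated as 0, and unparseable versions are reported separately so they are reviewed rather than silently ignored.

```python
import re
from typing import Dict, List, Optional, Tuple

# First fixed release named in the advisory.
FIXED_VERSION = "2023.05.4"

# Matches "2023.05.3", "2022.10" and "2023.05.3 (build 12345)".
_VERSION_RE = re.compile(r"^\s*(\d{4})\.(\d{1,2})(?:\.(\d+))?")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (year, minor, patch) for a TeamCity version string, or None
    if the string cannot be parsed. A missing patch is treated as 0."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    year, minor, patch = m.group(1), m.group(2), m.group(3)
    return (int(year), int(minor), int(patch) if patch else 0)


def is_vulnerable(version: str) -> Optional[bool]:
    """True if prior to 2023.05.4, False if fixed, None if unparseable."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    return parsed < parse_version(FIXED_VERSION)


# Constructed sample inventory: hypothetical hosts and version strings.
INVENTORY: Dict[str, str] = {
    "ci-build-01.example.internal": "2023.05.3 (build 12345)",
    "ci-build-02.example.internal": "2023.05.4 (build 12346)",
    "ci-legacy.example.internal": "2022.10",
    "ci-new.example.internal": "2023.11.1",
    "ci-unknown.example.internal": "n/a",
}


def triage(inventory: Dict[str, str]) -> Tuple[List[str], List[str], List[str]]:
    """Split hosts into (needs_upgrade, fixed, unknown), sorted by hostname."""
    needs_upgrade, fixed, unknown = [], [], []
    for host, version in sorted(inventory.items()):
        state = is_vulnerable(version)
        if state is None:
            unknown.append(host)
        elif state:
            needs_upgrade.append(host)
        else:
            fixed.append(host)
    return needs_upgrade, fixed, unknown


if __name__ == "__main__":
    for label, hosts in zip(("needs upgrade", "fixed", "unknown"), triage(INVENTORY)):
        print(f"{label}: {', '.join(hosts) or '-'}")
```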

References

  • https://www.jetbrains.com/privacy-security/issues-fixed/
  • https://blog.jetbrains.com/teamcity/2023/09/cve-2023-42793-vulnerability-post-mortem/
  • http://packetstormsecurity.com/files/174860/JetBrains-TeamCity-Unauthenticated-Remote-Code-Execution.html
  • https://attackerkb.com/topics/1XEEEkGHzt/cve-2023-42793
  • https://www.securityweek.com/recently-patched-teamcity-vulnerability-exploited-to-hack-servers/
  • https://www.rapid7.com/blog/post/2023/09/25/etr-cve-2023-42793-critical-authentication-bypass-in-jetbrains-teamcity-ci-cd-servers/
  • https://www.sonarsource.com/blog/teamcity-vulnerability/

Early Warning

Customers using Armis Early Warning were notified about this vulnerability before it appeared in CISA's Known Exploited Vulnerabilities (KEV) Catalog, enabling them to assess their exposure and act proactively. Armis publishes CVEs already included in CISA KEV as examples of this early notification for prospective customers.

Armis Alert Date: Oct 2, 2023
CISA KEV Date: Oct 4, 2023
2 days early

Industry Exposure (most to least)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Finance and Insurance: Low
  2. Manufacturing: Low
  3. Management of Companies & Enterprises: Low
  4. Arts, Entertainment & Recreation: Low
  5. Other Services (except Public Administration): Low
  6. Public Administration: Low
  7. Accommodation & Food Services: Low
  8. Administrative, Support, Waste Management & Remediation Services: Low
  9. Agriculture, Forestry, Fishing & Hunting: Low
  10. Construction: Low
  11. Educational Services: Low
  12. Health Care & Social Assistance: Low
  13. Information: Low
  14. Mining: Low
  15. Professional, Scientific & Technical Services: Low
  16. Real Estate, Rental & Leasing: Low
  17. Retail Trade: Low
  18. Transportation & Warehousing: Low
  19. Utilities: Low
  20. Wholesale Trade: Low
