CVE-2023-42793:
JetBrains TeamCity prior to version 2023.05.4 is affected by CVE-2023-42793, a critical authentication bypass vulnerability that could allow an unauthenticated attacker to achieve remote code execution on the TeamCity server.
Score
A numerical rating that indicates how dangerous this vulnerability is.
9.8Critical- Published Date:Sep 19, 2023
- CISA KEV Date:Oct 4, 2023
- Industries Affected:20
15 DaysThreat Predictions
- EPSS Score:92.9
- EPSS Percentile:100%
Exploitability
- Score:3.9
- Attack Vector:NETWORK
- Attack Complexity:LOW
- Privileges Required:NONE
- User Interaction:NONE
- Scope:UNCHANGED
Impact
- Score:5.9
- Confidentiality Impact:HIGH
- Integrity Impact:HIGH
- Availability Impact:HIGH
Description Preview
JetBrains TeamCity prior to version 2023.05.4 is affected by CVE-2023-42793, a critical authentication bypass vulnerability that could allow an unauthenticated attacker to achieve remote code execution on the TeamCity server.
Overview
This CVE details a critical authentication bypass in JetBrains TeamCity that can lead to remote code execution on the server. The vulnerability affects TeamCity versions preceding 2023.05.4 and is exploitable over the network without any user interaction or prior privileges. With a CVSS v3.1 base score of 9.8, the impact spans confidentiality, integrity, and availability. Patch information and remediation guidance have been published by JetBrains, including a fixed release in 2023.05.4 and subsequent updates.
Remediation
- Upgrade to TeamCity 2023.05.4 or a later version where the vulnerability is fixed. Plan and perform the upgrade in a controlled maintenance window (backup current data, test the upgrade in a staging environment, then roll out to production).
- If a quick upgrade is not feasible, implement compensating network controls: place TeamCity behind a firewall or VPN, restrict access to trusted networks, and require strong authentication through a protected reverse proxy or gateway. Consider enabling multi-factor authentication where available and enforcing TLS encryption.
- Disable or limit unauthenticated access to the TeamCity server and monitor access logs for unusual activity. Apply web application firewall rules to block abuse patterns related to this vulnerability.
- After remediation, verify that the patch is effective by testing a controlled exploitation scenario in a lab and reviewing server logs for indicators of attempted exploitation. Keep an eye on security advisories and ensure ongoing vulnerability management coverage.
References
- - https://www.jetbrains.com/privacy-security/issues-fixed/
- - https://blog.jetbrains.com/teamcity/2023/09/cve-2023-42793-vulnerability-post-mortem/
- - http://packetstormsecurity.com/files/174860/JetBrains-TeamCity-Unauthenticated-Remote-Code-Execution.html
- - https://attackerkb.com/topics/1XEEEkGHzt/cve-2023-42793
- - https://www.securityweek.com/recently-patched-teamcity-vulnerability-exploited-to-hack-servers/
- - https://www.rapid7.com/blog/post/2023/09/25/etr-cve-2023-42793-critical-authentication-bypass-in-jetbrains-teamcity-ci-cd-servers/
- - https://www.sonarsource.com/blog/teamcity-vulnerability/
Armis Early Warning
Armis Early Warning provides proactive threat intelligence and early detection capabilities.Click here to learn more.
- Armis Alert Date:Oct 2, 2023
- CISA KEV Date:Oct 4, 2023
- Days Early:15 Days
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.
