EDB-51884
remotejava
JetBrains TeamCity 2023.05.3 - Remote Code Execution (RCE)
CVE-2023-42793
ByteHunter3/14/2024
CVE-2023-42793
9.8CRITICALIn JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
Publicado: 9/19/2023Actualizado: 10/24/2025
Vulnerabilidad Explotada Conocida (CISA)
JetBrains TeamCity contains an authentication bypass vulnerability that allows for remote code execution on TeamCity Server.
Acción Requerida:
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Fecha Límite:
2023-10-25
Uso de Ransomware Conocido
Descripción
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
Análisis IAImpulsado por IA
Productos Afectados
jetbrainsteamcity
Exploits Disponibles (1)
Referencias
- http://packetstormsecurity.com/files/174860/JetBrains-TeamCity-Unauthenticated-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- https://attackerkb.com/topics/1XEEEkGHzt/cve-2023-42793Third Party Advisory
- https://blog.jetbrains.com/teamcity/2023/09/cve-2023-42793-vulnerability-post-mortem/Vendor Advisory
- https://www.jetbrains.com/privacy-security/issues-fixed/Vendor Advisory
- https://www.rapid7.com/blog/post/2023/09/25/etr-cve-2023-42793-critical-authentication-bypass-in-jetbrains-teamcity-ci-cd-servers/Broken LinkThird Party Advisory
- https://www.securityweek.com/recently-patched-teamcity-vulnerability-exploited-to-hack-servers/Press/Media Coverage
- https://www.sonarsource.com/blog/teamcity-vulnerability/ExploitThird Party Advisory
- http://packetstormsecurity.com/files/174860/JetBrains-TeamCity-Unauthenticated-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- https://attackerkb.com/topics/1XEEEkGHzt/cve-2023-42793Third Party Advisory
- https://blog.jetbrains.com/teamcity/2023/09/cve-2023-42793-vulnerability-post-mortem/Vendor Advisory
- https://www.jetbrains.com/privacy-security/issues-fixed/Vendor Advisory
- https://www.rapid7.com/blog/post/2023/09/25/etr-cve-2023-42793-critical-authentication-bypass-in-jetbrains-teamcity-ci-cd-servers/Broken LinkThird Party Advisory
- https://www.securityweek.com/recently-patched-teamcity-vulnerability-exploited-to-hack-servers/Press/Media Coverage
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-42793US Government Resource