EDB-51884
remotejava
JetBrains TeamCity 2023.05.3 - Remote Code Execution (RCE)
CVE-2023-42793
ByteHunter3/14/2024
CVE-2023-42793
9.8CRITICALIn JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
Publicado: 9/19/2023Atualizado: 10/24/2025
Vulnerabilidade Explorada Conhecida (CISA)
JetBrains TeamCity contains an authentication bypass vulnerability that allows for remote code execution on TeamCity Server.
Ação Necessária:
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Prazo:
2023-10-25
Uso Conhecido de Ransomware
Descrição
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
Análise IADesenvolvido por IA
Produtos Afetados
jetbrainsteamcity
Exploits Disponíveis (1)
Referências
- http://packetstormsecurity.com/files/174860/JetBrains-TeamCity-Unauthenticated-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- https://attackerkb.com/topics/1XEEEkGHzt/cve-2023-42793Third Party Advisory
- https://blog.jetbrains.com/teamcity/2023/09/cve-2023-42793-vulnerability-post-mortem/Vendor Advisory
- https://www.jetbrains.com/privacy-security/issues-fixed/Vendor Advisory
- https://www.rapid7.com/blog/post/2023/09/25/etr-cve-2023-42793-critical-authentication-bypass-in-jetbrains-teamcity-ci-cd-servers/Broken LinkThird Party Advisory
- https://www.securityweek.com/recently-patched-teamcity-vulnerability-exploited-to-hack-servers/Press/Media Coverage
- https://www.sonarsource.com/blog/teamcity-vulnerability/ExploitThird Party Advisory
- http://packetstormsecurity.com/files/174860/JetBrains-TeamCity-Unauthenticated-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- https://attackerkb.com/topics/1XEEEkGHzt/cve-2023-42793Third Party Advisory
- https://blog.jetbrains.com/teamcity/2023/09/cve-2023-42793-vulnerability-post-mortem/Vendor Advisory
- https://www.jetbrains.com/privacy-security/issues-fixed/Vendor Advisory
- https://www.rapid7.com/blog/post/2023/09/25/etr-cve-2023-42793-critical-authentication-bypass-in-jetbrains-teamcity-ci-cd-servers/Broken LinkThird Party Advisory
- https://www.securityweek.com/recently-patched-teamcity-vulnerability-exploited-to-hack-servers/Press/Media Coverage
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-42793US Government Resource