CVE-2023-42793

Warnung

Medienbericht

Exploit

EPSS 92.91%
Veröffentlicht 19.09.2023 17:15:08
Zuletzt bearbeitet 10.03.2025 20:32:11
Quelle cve@jetbrains.com
Teams Watchlist Login
Unerledigt Login

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible

Betroffene Produkte Warnungen 1 Metriken 3 CWE 2 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

JetBrains ≫ Teamcity Version < 2023.05.4

04.10.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

JetBrains TeamCity Authentication Bypass Vulnerability

Schwachstelle

JetBrains TeamCity contains an authentication bypass vulnerability that allows for remote code execution on TeamCity Server.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	92.91%	0.998

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cve@jetbrains.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-288 Authentication Bypass Using an Alternate Path or Channel

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://www.jetbrains.com/privacy-security/issues-fixed/

Vendor Advisory

http://packetstormsecurity.com/files/174860/JetBrains-TeamCity-Unauthenticated-Remote-Code-Execution.html

Third Party Advisory

Exploit

VDB Entry

https://attackerkb.com/topics/1XEEEkGHzt/cve-2023-42793

Third Party Advisory

https://blog.jetbrains.com/teamcity/2023/09/cve-2023-42793-vulnerability-post-mortem/

Vendor Advisory

https://www.rapid7.com/blog/post/2023/09/25/etr-cve-2023-42793-critical-authentication-bypass-in-jetbrains-teamcity-ci-cd-servers/

Third Party Advisory

https://www.securityweek.com/recently-patched-teamcity-vulnerability-exploited-to-hack-servers/

Press/Media Coverage

https://www.sonarsource.com/blog/teamcity-vulnerability/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-42793

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-42793

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-42793

EUVD