9.8

CVE-2023-42793

Warning
Media report
Exploit

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible

Data is provided by the National Vulnerability Database (NVD)
JetBrainsTeamcity Version < 2023.05.4

04.10.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

JetBrains TeamCity Authentication Bypass Vulnerability

Vulnerability

JetBrains TeamCity contains an authentication bypass vulnerability that allows for remote code execution on TeamCity Server.

Description

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 92.91% 0.998
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cve@jetbrains.com 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-288 Authentication Bypass Using an Alternate Path or Channel

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.