In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/174860/JetBrains-TeamCity-Unauthenticated-Remote-Code-Execution.html | Exploit VDB Entry |
https://attackerkb.com/topics/1XEEEkGHzt/cve-2023-42793 | Technical Description Third Party Advisory |
https://blog.jetbrains.com/teamcity/2023/09/cve-2023-42793-vulnerability-post-mortem/ | Vendor Advisory |
https://www.jetbrains.com/privacy-security/issues-fixed/ | Vendor Advisory |
https://www.rapid7.com/blog/post/2023/09/25/etr-cve-2023-42793-critical-authentication-bypass-in-jetbrains-teamcity-ci-cd-servers/ | Third Party Advisory |
https://www.securityweek.com/recently-patched-teamcity-vulnerability-exploited-to-hack-servers/ | Press/Media Coverage |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: JetBrains
Published: 2023-09-19T16:57:29.245Z
Updated: 2023-09-19T16:57:29.245Z
Reserved: 2023-09-14T09:48:47.154Z
Link: CVE-2023-42793
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-09-19T17:15:08.330
Modified: 2023-10-03T15:44:06.660
Link: CVE-2023-42793
JSON object: View
Redhat Information
No data.
CWE