Vulnerability Details CVE-2023-42793
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
Exploit prediction scoring system (EPSS) score
EPSS Score 0.946
EPSS Ranking 100.0%
CVSS Severity
CVSS v3 Score 9.8
Proposed Action
JetBrains TeamCity contains an authentication bypass vulnerability that allows for remote code execution on TeamCity Server.
Ransomware Campaign
Known
References
- http://packetstormsecurity.com/files/174860/JetBrains-TeamCity-Unauthenticated-Remote-Code-Execution.html
- https://attackerkb.com/topics/1XEEEkGHzt/cve-2023-42793
- https://blog.jetbrains.com/teamcity/2023/09/cve-2023-42793-vulnerability-post-mortem/
- https://www.jetbrains.com/privacy-security/issues-fixed/
- https://www.rapid7.com/blog/post/2023/09/25/etr-cve-2023-42793-critical-authentication-bypass-in-jetbrains-teamcity-ci-cd-servers/
- https://www.securityweek.com/recently-patched-teamcity-vulnerability-exploited-to-hack-servers/
- https://www.sonarsource.com/blog/teamcity-vulnerability/
- http://packetstormsecurity.com/files/174860/JetBrains-TeamCity-Unauthenticated-Remote-Code-Execution.html
- https://attackerkb.com/topics/1XEEEkGHzt/cve-2023-42793
- https://blog.jetbrains.com/teamcity/2023/09/cve-2023-42793-vulnerability-post-mortem/
- https://www.jetbrains.com/privacy-security/issues-fixed/
- https://www.rapid7.com/blog/post/2023/09/25/etr-cve-2023-42793-critical-authentication-bypass-in-jetbrains-teamcity-ci-cd-servers/
- https://www.securityweek.com/recently-patched-teamcity-vulnerability-exploited-to-hack-servers/
Products affected by CVE-2023-42793
-
cpe:2.3:a:jetbrains:teamcity:-
-
cpe:2.3:a:jetbrains:teamcity:10.0
-
cpe:2.3:a:jetbrains:teamcity:10.0.1
-
cpe:2.3:a:jetbrains:teamcity:10.0.2
-
cpe:2.3:a:jetbrains:teamcity:10.0.3
-
cpe:2.3:a:jetbrains:teamcity:10.0.4
-
cpe:2.3:a:jetbrains:teamcity:10.0.5
-
cpe:2.3:a:jetbrains:teamcity:2.0
-
cpe:2.3:a:jetbrains:teamcity:2.1
-
cpe:2.3:a:jetbrains:teamcity:2017.1
-
cpe:2.3:a:jetbrains:teamcity:2017.1.1
-
cpe:2.3:a:jetbrains:teamcity:2017.1.2
-
cpe:2.3:a:jetbrains:teamcity:2017.1.3
-
cpe:2.3:a:jetbrains:teamcity:2017.1.4
-
cpe:2.3:a:jetbrains:teamcity:2017.1.5
-
cpe:2.3:a:jetbrains:teamcity:2017.2
-
cpe:2.3:a:jetbrains:teamcity:2017.2.1
-
cpe:2.3:a:jetbrains:teamcity:2017.2.2
-
cpe:2.3:a:jetbrains:teamcity:2017.2.3
-
cpe:2.3:a:jetbrains:teamcity:2017.2.4
-
cpe:2.3:a:jetbrains:teamcity:2018.1
-
cpe:2.3:a:jetbrains:teamcity:2018.1.1
-
cpe:2.3:a:jetbrains:teamcity:2018.1.2
-
cpe:2.3:a:jetbrains:teamcity:2018.1.3
-
cpe:2.3:a:jetbrains:teamcity:2018.1.4
-
cpe:2.3:a:jetbrains:teamcity:2018.1.5
-
cpe:2.3:a:jetbrains:teamcity:2018.2
-
cpe:2.3:a:jetbrains:teamcity:2018.2.1
-
cpe:2.3:a:jetbrains:teamcity:2018.2.2
-
cpe:2.3:a:jetbrains:teamcity:2018.2.3
-
cpe:2.3:a:jetbrains:teamcity:2018.2.4
-
cpe:2.3:a:jetbrains:teamcity:2018.2.5
-
cpe:2.3:a:jetbrains:teamcity:2019.1
-
cpe:2.3:a:jetbrains:teamcity:2019.1.1
-
cpe:2.3:a:jetbrains:teamcity:2019.1.2
-
cpe:2.3:a:jetbrains:teamcity:2019.1.3
-
cpe:2.3:a:jetbrains:teamcity:2019.1.4
-
cpe:2.3:a:jetbrains:teamcity:2019.1.5
-
cpe:2.3:a:jetbrains:teamcity:2019.2.0
-
cpe:2.3:a:jetbrains:teamcity:2019.2.1
-
cpe:2.3:a:jetbrains:teamcity:2019.2.2
-
cpe:2.3:a:jetbrains:teamcity:2019.2.3
-
cpe:2.3:a:jetbrains:teamcity:2020.1
-
cpe:2.3:a:jetbrains:teamcity:2020.1.1
-
cpe:2.3:a:jetbrains:teamcity:2020.1.2
-
cpe:2.3:a:jetbrains:teamcity:2020.1.3
-
cpe:2.3:a:jetbrains:teamcity:2020.1.4
-
cpe:2.3:a:jetbrains:teamcity:2020.1.5
-
cpe:2.3:a:jetbrains:teamcity:2020.2
-
cpe:2.3:a:jetbrains:teamcity:2020.2.1
-
cpe:2.3:a:jetbrains:teamcity:2020.2.2
-
cpe:2.3:a:jetbrains:teamcity:2020.2.3
-
cpe:2.3:a:jetbrains:teamcity:2020.2.85695
-
cpe:2.3:a:jetbrains:teamcity:2021.2
-
cpe:2.3:a:jetbrains:teamcity:2022.04
-
cpe:2.3:a:jetbrains:teamcity:2022.04.1
-
cpe:2.3:a:jetbrains:teamcity:2022.04.2
-
cpe:2.3:a:jetbrains:teamcity:2022.04.3
-
cpe:2.3:a:jetbrains:teamcity:2022.04.4
-
cpe:2.3:a:jetbrains:teamcity:2022.04.5
-
cpe:2.3:a:jetbrains:teamcity:2022.04.6
-
cpe:2.3:a:jetbrains:teamcity:2022.04.7
-
cpe:2.3:a:jetbrains:teamcity:2022.10
-
cpe:2.3:a:jetbrains:teamcity:2022.10.1
-
cpe:2.3:a:jetbrains:teamcity:2022.10.2
-
cpe:2.3:a:jetbrains:teamcity:2022.10.3
-
cpe:2.3:a:jetbrains:teamcity:2022.10.4
-
cpe:2.3:a:jetbrains:teamcity:2022.10.5
-
cpe:2.3:a:jetbrains:teamcity:2022.10.6
-
cpe:2.3:a:jetbrains:teamcity:2023.05
-
cpe:2.3:a:jetbrains:teamcity:2023.05.1
-
cpe:2.3:a:jetbrains:teamcity:2023.05.2
-
cpe:2.3:a:jetbrains:teamcity:2023.05.3
-
cpe:2.3:a:jetbrains:teamcity:3.0
-
cpe:2.3:a:jetbrains:teamcity:3.1
-
cpe:2.3:a:jetbrains:teamcity:4.0
-
cpe:2.3:a:jetbrains:teamcity:4.0.1
-
cpe:2.3:a:jetbrains:teamcity:4.0.2
-
cpe:2.3:a:jetbrains:teamcity:4.5
-
cpe:2.3:a:jetbrains:teamcity:5.0
-
cpe:2.3:a:jetbrains:teamcity:5.1
-
cpe:2.3:a:jetbrains:teamcity:6.0
-
cpe:2.3:a:jetbrains:teamcity:6.5
-
cpe:2.3:a:jetbrains:teamcity:7.0
-
cpe:2.3:a:jetbrains:teamcity:7.1
-
cpe:2.3:a:jetbrains:teamcity:8.0
-
cpe:2.3:a:jetbrains:teamcity:8.0.1
-
cpe:2.3:a:jetbrains:teamcity:8.0.2
-
cpe:2.3:a:jetbrains:teamcity:8.0.3
-
cpe:2.3:a:jetbrains:teamcity:8.0.4
-
cpe:2.3:a:jetbrains:teamcity:8.0.5
-
cpe:2.3:a:jetbrains:teamcity:8.0.6
-
cpe:2.3:a:jetbrains:teamcity:8.1
-
cpe:2.3:a:jetbrains:teamcity:8.1.1
-
cpe:2.3:a:jetbrains:teamcity:8.1.2
-
cpe:2.3:a:jetbrains:teamcity:8.1.3
-
cpe:2.3:a:jetbrains:teamcity:8.1.4
-
cpe:2.3:a:jetbrains:teamcity:8.1.5
-
cpe:2.3:a:jetbrains:teamcity:9.0
-
cpe:2.3:a:jetbrains:teamcity:9.0.1
-
cpe:2.3:a:jetbrains:teamcity:9.0.2
-
cpe:2.3:a:jetbrains:teamcity:9.0.3
-
cpe:2.3:a:jetbrains:teamcity:9.0.4
-
cpe:2.3:a:jetbrains:teamcity:9.0.5
-
cpe:2.3:a:jetbrains:teamcity:9.1
-
cpe:2.3:a:jetbrains:teamcity:9.1.1
-
cpe:2.3:a:jetbrains:teamcity:9.1.2
-
cpe:2.3:a:jetbrains:teamcity:9.1.3
-
cpe:2.3:a:jetbrains:teamcity:9.1.4
-
cpe:2.3:a:jetbrains:teamcity:9.1.5
-
cpe:2.3:a:jetbrains:teamcity:9.1.6
-
cpe:2.3:a:jetbrains:teamcity:9.1.7