JetBrains TeamCity Authentication Bypass Vulnerability

Summary

CVE	CVE-2023-42793
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-09-19 17:15:00 UTC
Updated	2023-10-03 15:44:00 UTC
Description	In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible

Risk And Classification

EPSS: 0.929130000 probability, percentile 0.997740000 (date 2026-04-21)

CISA KEV: Listed on 2023-10-04; due 2023-10-25; ransomware use Known

Problem Types: CWE-288

CISA Known Exploited Vulnerability

Vendor	JetBrains
Product	TeamCity
Name	JetBrains TeamCity Authentication Bypass Vulnerability
Required Action	Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes	https://blog.jetbrains.com/teamcity/2023/09/critical-security-issue-affecting-teamcity-on-premises-update-to-2023-05-4-now/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-42793

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Jetbrains	Teamcity	All	All	All	All

References

Reference	Source	Link	Tags
JetBrains TeamCity Unauthenticated Remote Code Execution ≈ Packet Storm	MISC	packetstormsecurity.com
CVE-2023-42793 \| AttackerKB	MISC	attackerkb.com
Critical Authentication Bypass in JetBrains TeamCity CI/CD Servers \| Rapid7 Blog	MISC	www.rapid7.com
CVE-2023-42793 Vulnerability in TeamCity: Post-Mortem \| The TeamCity Blog	MISC	blog.jetbrains.com
Recently Patched TeamCity Vulnerability Exploited to Hack Servers - SecurityWeek	MISC	www.securityweek.com
Fixed security issues	MISC	www.jetbrains.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis
CISA Known Exploited Vulnerabilities catalog	CISA	www.cisa.gov	kev

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

378885 JetBrains TeamCity Authentication Bypass Vulnerability