CVE-2023-42793
Published on: 09/19/2023 05:15:00 PM UTC
Last Modified on: 10/03/2023 03:44:00 PM UTC
Certain versions of TeamCity from JetBrains contain the following vulnerability:
In JetBrains TeamCity before 2023.05.4, an authentication bypass leading to RCE on TeamCity Server was possible.
- CVE-2023-42793 has been assigned by [email protected] to track the vulnerability; it is currently rated as CRITICAL severity.
- Affected Vendor/Software: JetBrains - TeamCity version < 2023.05.4
CVSS3 Score: 9.8 - CRITICAL
| Attack Vector | Attack Complexity | Privileges Required | User Interaction |
|---|---|---|---|
| NETWORK | LOW | NONE | NONE |

| Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
|---|---|---|---|
| UNCHANGED | HIGH | HIGH | HIGH |
CVE References
| Description | Tags | Link |
|---|---|---|
| JetBrains TeamCity Unauthenticated Remote Code Execution ≈ Packet Storm | | packetstormsecurity.com (text/html) |
| CVE-2023-42793 \| AttackerKB | | attackerkb.com (text/html) |
| Critical Authentication Bypass in JetBrains TeamCity CI/CD Servers \| Rapid7 Blog | | www.rapid7.com (text/html) |
| CVE-2023-42793 Vulnerability in TeamCity: Post-Mortem \| The TeamCity Blog | | blog.jetbrains.com (text/html) |
| Recently Patched TeamCity Vulnerability Exploited to Hack Servers - SecurityWeek | | www.securityweek.com (text/html) |
| Fixed security issues | | www.jetbrains.com (text/html) |
Related QID Numbers
- 378885 JetBrains TeamCity Authentication Bypass Vulnerability
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | JetBrains | TeamCity | All | All | All | All |
- cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*
No vendor comments have been submitted for this CVE