Warning: Authentication bypass leading to RCE on JetBrains TeamCity server currently exploited, Patch Immediately!
CVE-2023-42793: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Sources
JetBrains - https://blog.jetbrains.com/teamcity/2023/09/cve-2023-42793-vulnerability...
Risks
Ransomware gangs are now exploiting a flaw (CVE-2023-42793) that allows unauthenticated attackers to gain remote code execution (RCE). It's an authentication bypass flaw that can be exploited by low-complexity attacks that don't require user Interaction.
The CVE has a score of 9.8 and the Impact on Confidentiality, Integrity and Availability is high.
Description
The critical vulnerability of score 9.8 was discovered by the Sonar team In Jetbrains TeamCity.
According to Jetbrains; if abused, the flaw could enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to perform a remote code execution (RCE) attack and gain administrative control of the TeamCity server.
Recommended Actions
The Centre for Cyber Security Belgium strongly recommends Windows system administrators to take the following actions:
- Update the TeamCity server to the version: 2023.05.4
Or, when using older TeamCity versions (8.0+) and not able to upgrade quickly enough:
- Install the plugin from the Jetbrains webpage. (https://blog.jetbrains.com/teamcity/2023/09/cve- 2023-42793-vulnerability-post-mortem/)
References
NIST - https://nvd.nist.gov/vuln/detail/CVE-2023-42793
BleepingComputer - https://www.bleepingcomputer.com/news/security/ransomware-gangs-now-expl...
SecurityWeek - https://www.securityweek.com/recently-patched-teamcity-vulnerability-exp...