CVE detail
CVE-2023-42793: JetBrains TeamCity Authentication Bypass Vulnerability
Source: CISA Known Exploited Vulnerabilities catalog
Vendor / product
JetBrains · TeamCity
- Date added (KEV): Oct 04, 2023
- CISA due date: Oct 25, 2023
- Ransomware campaign use: Known
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Vendor fix: Vendor advisory
From CISA
JetBrains TeamCity contains an authentication bypass vulnerability that allows for remote code execution on TeamCity Server.
https://blog.jetbrains.com/teamcity/2023/09/critical-security-issue-affecting-teamcity-on-premises-update-to-2023-05-4-now/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-42793
References
- https://blog.jetbrains.com/teamcity/2023/09/cve-2023-42793-vulnerability-post-mortem/ (Vendor Advisory)
- https://www.jetbrains.com/privacy-security/issues-fixed/ (Vendor Advisory)
- http://packetstormsecurity.com/files/174860/JetBrains-TeamCity-Unauthenticated-Remote-Code-Execution.html (Exploit)
Other recent CVEs from JetBrains
- CVE-2024-27199 (TeamCity): JetBrains TeamCity Relative Path Traversal Vulnerability
- CVE-2024-27198 (TeamCity): JetBrains TeamCity Authentication Bypass Vulnerability