CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2023-42793

CVSS 9.8v3.1pub. 2023-09-19upd. 2025-10-24

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Jetbrains Teamcity

    APP
    Jetbrains
    < 2023.05.4

CISA KEV — detailsi

Vendori
JetBrains
Producti
TeamCity
Added to KEVi
October 4, 2023
Remediation deadline (US Federal)i
October 25, 2023(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

JetBrains TeamCity contains an authentication bypass vulnerability that allows for remote code execution on TeamCity Server.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 25 października 2023
Tags
Auth BypassCI/CD
CWE
References

Related vulnerabilities

CVE-2024-27198CRITICAL9.8⚠ KEVPL ✓ten sam produkt

JetBrains TeamCity — Authentication Bypass umożliwiający działania administracyjne

CVE-2024-23917CRITICAL9.8PL ✓ten sam produkt

JetBrains TeamCity: Authentication Bypass umożliwiający RCE

CVE-2023-34218CRITICAL9.1ten sam produkt

In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possibl...

CVE-2022-24331CRITICAL9.8ten sam produkt

In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.

CVE-2022-24340CRITICAL9.8ten sam produkt

In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.