CVE-2023-42793

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2023.05.4

Description JetBrains TeamCity contains an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access to the server and execute arbitrary code. This vulnerability, identified as CVE-2023-42793, has been actively exploited by multiple threat actors, including those linked to North Korea (Diamond Sleet, Onyx Sleet, Lazarus Group) and Russia (APT29, CozyBear). Successful exploitation can lead to remote code execution, source code theft, and potential supply chain attacks. The vulnerability stems from insufficient access controls to the server's API. Several reports indicate that the vulnerability is being exploited in the wild, with attackers deploying malware and attempting to compromise systems. Approximately 1,200 vulnerable instances have been identified publicly.

Recommendations Update TeamCity to version 2023.05.4 or later. If updating is not immediately possible, install the security patch plugin provided by JetBrains.