Russian Vulnerability Scanner Database

Back to List

CVE-2023-42793

Scores

EPSS Score

0.9457

CVSS

3.x 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

All CVSS Scores

CVSS 4.0
0.0
CVSS 3.x
9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0
0.0

Description

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible

Sources

nvd

CWEs

CWE-288

Related Vulnerabilities

BDU:2023-06415

Exploits

Exploit ID: 51884

Source: exploitdb

URL: https://www.exploit-db.com/exploits/51884

Exploit ID: CVE-2023-42793

Source: github-poc

URL: https://github.com/syaifulandy/Nuclei-Template-CVE-2023-42793.yaml

Reference Links

http://packetstormsecurity.com/files/174860/JetBrains-TeamCity-Unauthenticated-Remote-Code-Execution.html
https://attackerkb.com/topics/1XEEEkGHzt/cve-2023-42793
https://blog.jetbrains.com/teamcity/2023/09/cve-2023-42793-vulnerability-post-mortem/
https://www.jetbrains.com/privacy-security/issues-fixed/
https://www.rapid7.com/blog/post/2023/09/25/etr-cve-2023-42793-critical-authentication-bypass-in-jetbrains-teamcity-ci-cd-servers/
https://www.securityweek.com/recently-patched-teamcity-vulnerability-exploited-to-hack-servers/
https://www.sonarsource.com/blog/teamcity-vulnerability/
http://packetstormsecurity.com/files/174860/JetBrains-TeamCity-Unauthenticated-Remote-Code-Execution.html
https://attackerkb.com/topics/1XEEEkGHzt/cve-2023-42793
https://blog.jetbrains.com/teamcity/2023/09/cve-2023-42793-vulnerability-post-mortem/
https://www.jetbrains.com/privacy-security/issues-fixed/
https://www.rapid7.com/blog/post/2023/09/25/etr-cve-2023-42793-critical-authentication-bypass-in-jetbrains-teamcity-ci-cd-servers/
https://www.securityweek.com/recently-patched-teamcity-vulnerability-exploited-to-hack-servers/

Vulnerable Software

Type: Configuration

Vendor: jetbrains

Product: teamcity

Operating System: * * *

Trait: 
{
  "cpe_match": [
    {
      "cpe23uri": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*",
      "versionEndExcluding": "2023.05.4",
      "vulnerable": true
    }
  ],
  "operator": "OR"
}

Source: nvd