Security News > 2023 > September > Critical JetBrains TeamCity Flaw Could Expose Source Code and Build Pipelines to Attackers

Critical JetBrains TeamCity Flaw Could Expose Source Code and Build Pipelines to Attackers
2023-09-26 05:00

A critical security vulnerability in the JetBrains TeamCity continuous integration and continuous deployment (CI/CD) software could be exploited by unauthenticated attackers to achieve remote code execution on affected systems. The flaw, tracked as CVE-2023-42793, carries a CVSS score of 9.8 and has been addressed in TeamCity version 2023.05.4 following responsible disclosure on September 6,


News URL

https://thehackernews.com/2023/09/critical-jetbrains-teamcity-flaw-could.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-09-19 CVE-2023-42793 Authentication Bypass Using an Alternate Path or Channel vulnerability in Jetbrains Teamcity
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
network
low complexity
jetbrains CWE-288
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Jetbrains 32 28 275 59 16 378