JetBrains TeamCity Authentication Bypass (CVE-2023-42793)

Read Time:45 Second

What is the Attack?
Multiple cyberthreat actors seen exploiting the authentication bypass flaw in JetBrains TeamCity that could lead to remote code execution. If compromised, access to a TeamCity server would provide malicious actors with access to the software developer’s source code, signing certificates, and the ability to manipulate software compilation and deployment processes. The malicious actors could further use to conduct supply chain operations.

What is the Vendor Solution?

JetBrains released patch on September 18, 2023 to fix the affected TeamCity software on version 2023.05.4, which can be found here: https://www.jetbrains.com/teamcity/download/other.html.

What FortiGuard Coverage is available?

FortiGuard Labs has an IPS signature “JetBrains.TeamCity.CVE-2023-42793.Authentication.Bypass” (with default action is set to “block”) in place and has released Antivirus signatures for the known and related malware to the campaigns targeting the vulnerability (CVE-2023-42793).

Government Backs Britain’s First Cyber Seed Fund, Worth £50m

Aussie Pension Savers Hit with Wave of Credential Stuffing Attacks

Friday Squid Blogging: Two-Man Giant Squid

Cyber Agencies Warn of Fast Flux Threat Bypassing Network Defenses

Troy Hunt Gets Phished

Tj-actions Supply Chain Attack Traced Back to Single GitHub Token Compromise

Chinese State Hackers Exploiting Newly Disclosed Ivanti Flaw

Major Online Platform for Child Exploitation Dismantled

CrushFTP Vulnerability Exploited Following Disclosure Issues

JetBrains TeamCity Authentication Bypass (CVE-2023-42793)

php-tcpdf-6.9.1-1.fc40

php-tcpdf-6.9.1-1.fc42

php-tcpdf-6.9.1-1.fc41

perl-Crypt-URandom-Token-0.003-1.fc41 perl-DBIx-Class-EncodedColumn-0.11000-1.fc41

USN-7417-1: libdbd-mysql-perl vulnerabilities

USN-7416-1: Kamailio vulnerabilities