JetBrains TeamCity Authentication Bypass (CVE-2023-42793)

Read Time:45 Second

What is the Attack?
Multiple cyberthreat actors seen exploiting the authentication bypass flaw in JetBrains TeamCity that could lead to remote code execution. If compromised, access to a TeamCity server would provide malicious actors with access to the software developer’s source code, signing certificates, and the ability to manipulate software compilation and deployment processes. The malicious actors could further use to conduct supply chain operations.

What is the Vendor Solution?

JetBrains released patch on September 18, 2023 to fix the affected TeamCity software on version 2023.05.4, which can be found here: https://www.jetbrains.com/teamcity/download/other.html.

What FortiGuard Coverage is available?

FortiGuard Labs has an IPS signature “JetBrains.TeamCity.CVE-2023-42793.Authentication.Bypass” (with default action is set to “block”) in place and has released Antivirus signatures for the known and related malware to the campaigns targeting the vulnerability (CVE-2023-42793).

Apps That Are Spying on Your Location

Cybercriminals Use Fake CrowdStrike Job Offers to Distribute Cryptominer

Slovakia Hit by Historic Cyber-Attack on Land Registry

Canadian man loses a cryptocurrency fortune to scammers – here’s how you can stop it happening to you

Medusind Breach Exposes Sensitive Patient Data

Fake PoC Exploit Targets Security Researchers with Infostealer

Smashing Security podcast #399: Honey in hot water, and reset your devices

Space Bears ransomware: what you need to know

Zero-Day Vulnerability in Ivanti VPN

JetBrains TeamCity Authentication Bypass (CVE-2023-42793)

stb-0^20241002git31707d1-5.el10_0

stb-0^20241002git31707d1-4.fc40

Ivanti Connect Secure Zero-Day Vulnerability

USN-7198-1: rlottie vulnerabilities

stb-0^20241002git31707d1-5.fc41

Multiple vulnerabilities in SonicWall SonicOS could allow a remote attacker to bypass authentication.