On September 20, 2023, JetBrains published a blog post detailing a critical Remote Code Execution (RCE) vulnerability that was identified in TeamCity On-Premises (CVE-2023-42793). This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.8 and can allow an unauthenticated attacker with HTTP(S) access to a TeamCity server to perform RCE. All versions of TeamCity On-Premises are affected by this vulnerability.
TeamCity is a continuous integration/continuous deployment (CI/CD) software platform for automating and managing the development of software. Arctic Wolf is aware of potential exploitation in the wild of this vulnerability and is gathering further intelligence to confirm these reports. Unauthenticated RCE vulnerabilities such as CVE-2023-42793 are an attractive target for threat actors due to the extensive range of malicious actions they can perform once the vulnerability is exploited.
Recommendation for CVE-2023-42793
Upgrade TeamCity On-Premises to 2023.05.04
Arctic Wolf strongly recommends upgrading to version 2023.05.04 of TeamCity On-Premises or using the automatic update option within TeamCity. Please follow your organization's patching and testing guidelines to avoid operational impact.
For users who are unable to upgrade their server to version 2023.05.04, JetBrains has provided a security patch plugin that can be used to patch your environment. The patch plugins can be downloaded below for your respective version of TeamCity:
- TeamCity 2018.2 to 2023.05.3
- TeamCity 8.0 to 2018.1
Note: For TeamCity versions older than 2019.2, a server restart is required after the plugin has been installed.
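The version rules above can be applied across a server inventory with a short script. This is an added example, not code from Arctic Wolf or JetBrains; the host names and versions in `INVENTORY` are constructed, and it assumes any version at or above the fixed release is already patched.

```python
import re

# Version boundaries taken from the advisory text, padded to three fields.
FIXED = (2023, 5, 4)           # "2023.05.04" as written in the advisory
PLUGIN_NEW_MIN = (2018, 2, 0)  # plugin for "TeamCity 2018.2 to 2023.05.3"
PLUGIN_OLD_MIN = (8, 0, 0)     # plugin for "TeamCity 8.0 to 2018.1"
RESTART_BELOW = (2019, 2, 0)   # older than 2019.2: restart after plugin install


def parse_version(text):
    """Turn '2023.05.3' or '2023.05.3 (build N)' into a tuple of ints."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # '2019.2' compares as 2019.2.0
    return tuple(parts)


def triage(version_text):
    """Return (action, plugin_range, restart_needed) for one server."""
    v = parse_version(version_text)
    if v >= FIXED:
        return ("patched", None, False)  # assumption: fixed release or later
    if v >= PLUGIN_NEW_MIN:
        plugin = "2018.2 to 2023.05.3"
    elif v >= PLUGIN_OLD_MIN:
        plugin = "8.0 to 2018.1"
    else:
        return ("upgrade-only", None, False)  # below the plugin ranges listed
    return ("upgrade-or-plugin", plugin, v < RESTART_BELOW)


# Constructed inventory: host names and versions are sample values.
INVENTORY = {
    "ci-01.example.internal": "2023.05.04",
    "ci-02.example.internal": "2023.05.3 (build 12345)",
    "ci-03.example.internal": "2019.1.4",
    "ci-04.example.internal": "2018.1.5",
}


def report(inventory):
    """Triage every host and return rows sorted by host name."""
    return [(host, *triage(ver)) for host, ver in sorted(inventory.items())]


if __name__ == "__main__":
    for row in report(INVENTORY):
        print(*row, sep="\t")
```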