In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HJetbrains Teamcity
APPJetbrains< 2023.05.4
CISA KEV — detailsi
- Vendori
- JetBrains ↗
- Producti
- TeamCity
- Added to KEVi
- October 4, 2023
- Remediation deadline (US Federal)i
- October 25, 2023(overdue)
- Ransomwarei
- Active ransomware campaigns exploit this vulnerability
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
JetBrains TeamCity contains an authentication bypass vulnerability that allows for remote code execution on TeamCity Server.
Related vulnerabilities
JetBrains TeamCity — Authentication Bypass umożliwiający działania administracyjne
JetBrains TeamCity: Authentication Bypass umożliwiający RCE
In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possibl...
In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.
In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.