In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible
The vulnerability classified as CWE-288 (Authentication Bypass Using an Alternate Path) and CWE-306 (Missing Authentication for Critical Function) indicates that the application does not require proper authentication for at least one critical function or provides an alternative access path that bypasses identity control mechanisms. An unauthenticated attacker can remotely exploit this flaw over the network to gain access to protected TeamCity server resources. Consequently, arbitrary code execution on the CI/CD server is possible.
An attacker can gain full control over the TeamCity server without any credentials by executing arbitrary code (RCE), which may lead to CI/CD pipeline compromise, theft of secrets, source code data, and further lateral movement within the organization's infrastructure.
JetBrains TeamCity must be immediately updated to version 2023.11.3 or later. Detailed information about available patches is available in the vendor's references at https://www.jetbrains.com/privacy-security/issues-fixed/
JetBrains TeamCity in all versions before 2023.11.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HJetbrains Teamcity
APPJetbrains< 2023.11.3
Related vulnerabilities
JetBrains TeamCity — Authentication Bypass umożliwiający działania administracyjne
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possibl...
In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.
In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file was possible.