Researchers caught a serious security flaw in JetBrains TeamCity software that could allow unauthenticated code execution attacks. JetBrains patched the vulnerability following the bug report, urging users to update their servers as soon as possible.
JetBrains TeamCity Flaw Could Allow Remote Code Execution
Exploiting the flaw could allow an unauthenticated, remote adversary to execute codes on the target servers. In the worst-case scenario, an attacker could even gain elevated privileges, such as system privileges, on the victim servers, gaining access to sensitive data, including source codes.
As explained, the vulnerability, CVE-2023-42793, existed due to an authentication bypass. While the researchers haven’t shared the technical details about the flaw yet, they did confirm that exploiting the flaw is trivial, indicating its likeliness for exploitation in the wild.
Besides the researchers also demonstrated the vulnerability exploits in the following video, explaining how an attacker may gain elevated privileges to access sensitive data. This allows the adversary to steal stored service secrets and private keys, inject malicious codes into build processes that could indirectly impact the customers with malicious releases, and steal source codes.
Specifically, an attacker could perform all these actions without a valid account on the target instance, requiring no user interaction to exploit the flaw.
JetBrains Patched The Vulnerability
After discovering the vulnerability, the researchers reported the matter to JetBrains, following which the vendors patched the flaw.
According to their advisory, the patch has been released with TeamCity On-Premises version 2023.05.4. JetBrains clarified that the vulnerability did not affect TeamCity Cloud; still, they upgraded the Cloud servers to the latest versions.
As for TeamCity On-Premises, the vendors urge the users to update their servers with the latest software release to receive the security fix. For situations where updating servers isn’t possible, JetBrains has also released a security patch plugin supporting TeamCity 8.0+ to address the flaw.
Let us know your thoughts in the comments.