CVE-2023-42793

9.8 CRITICAL

📋 TL;DR

CVE-2023-42793 is a critical authentication bypass vulnerability in JetBrains TeamCity CI/CD servers that allows unauthenticated attackers to execute arbitrary code remotely. This affects all organizations running vulnerable TeamCity Server instances, potentially compromising their entire build pipelines and deployment infrastructure.

💻 Affected Systems

Products:
  • JetBrains TeamCity
Versions: All versions before 2023.05.4
Operating Systems: All platforms running TeamCity
Default Config Vulnerable: ⚠️ Yes
Notes: All TeamCity Server installations are vulnerable regardless of configuration. TeamCity Cloud instances were automatically patched by JetBrains.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the TeamCity server leading to full control over build pipelines, credential theft, lateral movement into connected systems, and deployment of malicious artifacts across the entire software supply chain.

🟠 Likely Case

Attackers gain administrative access to TeamCity, steal source code, modify build processes to inject malware, and potentially pivot to connected development and production environments.

🟢 If Mitigated

If isolated in a segmented network with strict access controls, impact may be limited to the TeamCity server itself, though build integrity would still be compromised.

🌐 Internet-Facing: HIGH - Internet-facing TeamCity servers are actively targeted and can be exploited without authentication.
🏢 Internal Only: HIGH - Even internally accessible servers are at risk from compromised internal hosts or insider threats.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Multiple public exploit scripts are available. Attackers are actively scanning for and exploiting vulnerable instances. The vulnerability requires no authentication or special privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2023.05.4 and later

Vendor Advisory: https://www.jetbrains.com/privacy-security/issues-fixed/

Restart Required: Yes

Instructions:

1. Back up your TeamCity configuration and data.
2. Download TeamCity 2023.05.4 or later from the JetBrains website.
3. Stop the TeamCity service.
4. Install the new version following the JetBrains upgrade documentation.
5. Restart the TeamCity service.
6. Verify that the version has been updated.

🔧 Temporary Workarounds

Network Isolation

Platforms: all

Immediately restrict network access to TeamCity servers to only trusted IP addresses and required services.

Use firewall rules to block all external access except from authorized build agents and administrators

Reverse Proxy Authentication

Platforms: all

Place TeamCity behind a reverse proxy that requires authentication before reaching the vulnerable endpoints.

Configure nginx/apache with authentication in front of TeamCity

🧯 If You Can't Patch

  • Immediately take TeamCity servers offline until they can be patched
  • Implement strict network segmentation and monitor all traffic to/from TeamCity servers for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check TeamCity version in Administration → Server Administration → Global Settings. If version is below 2023.05.4, you are vulnerable.

Check Version:

Check the TeamCity web interface at /admin/admin.html?item=diagnostics, or examine teamcity-server.log for version information.

Verify Fix Applied:

After patching, verify version shows 2023.05.4 or higher in the same location and test that authentication is required for all administrative endpoints.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access to /app/rest/users administrative endpoints
  • Unusual user creation or permission changes
  • Suspicious build configuration modifications

Network Indicators:

  • HTTP requests to /app/rest/users without authentication headers
  • Unusual outbound connections from TeamCity server
  • Traffic to known exploit tool IPs

SIEM Query:

source="teamcity.log" AND ("POST /app/rest/users" OR "PUT /app/rest/users" OR "GET /app/rest/users") AND user="anonymous"
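Added here as a worked example (not the advisory's or JetBrains' own code): a small Python helper that covers both the version check from the How to Verify section and the log indicators above. The log line layout and the sample lines are constructed for this example; a real TeamCity or reverse-proxy access log needs its own regex.

```python
import re
from typing import Dict, List, Tuple

# Patch version stated in the advisory: 2023.05.4 and later are fixed.
FIXED_VERSION = (2023, 5, 4)
# Endpoint prefix named in the advisory's log and network indicators.
WATCHED_PREFIX = "/app/rest/users"

def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2023.05.4' (or a short form like '2023.11') into a comparable tuple."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def is_vulnerable_version(version: str) -> bool:
    """True when the reported server version is below the advisory's patch version."""
    return parse_version(version) < FIXED_VERSION

# Constructed line format for this example (an assumption, not TeamCity's real log layout):
#   <date> <time> user=<name> <METHOD> <path> <status>
# Adapt LINE_RE to whatever your TeamCity or reverse-proxy access log actually emits.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) user=(?P<user>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)

def find_unauthenticated_user_api_hits(lines: List[str]) -> List[Dict[str, str]]:
    """Return parsed entries where an anonymous request reached /app/rest/users."""
    # A 401/403 is the expected rejection; a 2xx for an anonymous caller here is the alert condition.
    hits = []
    for line in lines:
        match = LINE_RE.match(line)
        if match is None:
            continue  # not a request line in the expected format
        entry = match.groupdict()
        if entry["user"] == "anonymous" and entry["path"].startswith(WATCHED_PREFIX):
            hits.append(entry)
    return hits

# Constructed sample lines (not real captures).
SAMPLE_LOG = [
    "2023-09-27 10:12:01 user=anonymous GET /app/rest/server 200",
    "2023-09-27 10:12:05 user=anonymous POST /app/rest/users 200",
    "2023-09-27 10:12:07 user=alice GET /app/rest/users 200",
    "2023-09-27 10:12:09 user=anonymous GET /app/rest/users/id:1 200",
    "2023-09-27 10:12:11 user=anonymous GET /login.html 200",
]

if __name__ == "__main__":
    print("2023.05.3 vulnerable:", is_vulnerable_version("2023.05.3"))
    for hit in find_unauthenticated_user_api_hits(SAMPLE_LOG):
        print(hit["ts"], hit["user"], hit["method"], hit["path"], hit["status"])
```

Running it against the constructed sample flags only the two anonymous requests under /app/rest/users; the authenticated request by alice and the anonymous login page hit are ignored.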
