Critical Vulnerability in TeamCity CI/CD Server Could Lead to Remote Server Takeover

September 25, 2023

A severe security flaw has been identified in the TeamCity CI/CD server, a build management and continuous integration platform developed by JetBrains. The vulnerability, identified as CVE-2023-42793, could allow unauthenticated attackers to remotely execute code and take control of vulnerable servers. The flaw is particularly severe as it impacts the on-premises version of TeamCity and can be exploited over an HTTP(S) connection without requiring user interaction. The bug was discovered by code security firm Sonar Source.

The company explained, “This enables attackers not only to steal source code but also stored service secrets and private keys. And it’s even worse: With access to the build process, attackers can inject malicious code, compromising the integrity of software releases and impacting all downstream users.” CI/CD servers like TeamCity automate the software development process, meaning they have access to an organization’s source code and other sensitive information associated with the building, testing, and deployment processes.

According to JetBrains, all on-premises instances of TeamCity up to and including version 2023.05.3 are affected by this vulnerability. However, the cloud version of TeamCity is not impacted. The flaw was rectified in TeamCity version 2023.05.4. JetBrains also released a security patch plugin for TeamCity versions 8.0 and upwards, but stated it would not backport the fix.

JetBrains advised, “The security patch plugin will only address the RCE vulnerability described above. We always recommend users upgrade their servers to the latest version to benefit from many other security updates.” Servers that are accessible from the internet should be patched immediately or made inaccessible until the patch is installed.

Both JetBrains and Sonar have withheld technical details about the vulnerability for now. However, Sonar warned that the bug is easy to exploit and it is likely that exploitation in the wild will be observed.

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.