virus logo Threat Signal Report

JetBrains TeamCity Authentication Bypass (CVE-2023-42793)

Description

What is the Attack? Multiple cyberthreat actors seen exploiting the authentication bypass flaw in JetBrains TeamCity that could lead to remote code execution. If compromised, access to a TeamCity server would provide malicious actors with access to the software developer's source code, signing certificates, and the ability to manipulate software compilation and deployment processes. The malicious actors could further use to conduct supply chain operations.
What is the Vendor Solution? JetBrains released patch on September 18, 2023 to fix the affected TeamCity software on version 2023.05.4, which can be found here: https://www.jetbrains.com/teamcity/download/other.html.
What FortiGuard Coverage is available? FortiGuard Labs has an IPS signature "JetBrains.TeamCity.CVE-2023-42793.Authentication.Bypass" (with default action is set to "block") in place and has released Antivirus signatures for the known and related malware to the campaigns targeting the vulnerability (CVE-2023-42793).

description-logoOutbreak Alert

Multiple Threat actors seen exploiting the authentication bypass flaw in JetBrains TeamCity that could lead to remote code execution. If compromised, they can access a TeamCity server, gaining entry to a software developer's source code, signing certificates, and the power to manipulate software building and deployment procedures. This access could also be misused by these malicious actors to carry out supply chain operations.

View the full Outbreak Alert Report

Telemetry

Date Dec 15, 2023
Outbreak Alert JetBrains TeamCity RCE
CVE ID CVE-2023-42793
Threat/
Vulnerability		 Vulnerability
Threat Actor Type APT-29
Experienced a Breach? We're here to help FortiGuard Incident Response Services
FortiGuard Incident Response Services
Outbreak Alert Outbreak Alert