Cyber Resilience

CVE-2023-42793

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · Ransomware-linked

Published: 19 September 2023
Modified: 24 October 2025
KEV Added: 04 October 2023
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9291 (99.8th percentile)
Risk Priority: 95 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-42793 is a critical-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in JetBrains TeamCity. Its CVSS base score is 9.8 (Critical).

Operationally, it is ranked in the top 0.2% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).

Deeper analysis

CVE-2023-42793 is an authentication bypass vulnerability affecting JetBrains TeamCity servers prior to version 2023.05.4. The flaw, assigned CWE-288 and CWE-306, permits unauthenticated network access that leads directly to remote code execution on the TeamCity Server and carries a CVSS 3.1 base score of 9.8.

An attacker with network reachability can exploit the issue without credentials or user interaction to obtain full control of the server, including the ability to read, modify, or delete data and execute arbitrary code. The attack vector is reflected in the CVSS metrics AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

JetBrains published a post-mortem and an updated list of fixed issues recommending immediate upgrade to TeamCity 2023.05.4 or later; additional technical analysis and proof-of-concept material appear in Rapid7 and AttackerKB reporting. The associated EPSS score has remained consistently high, reaching a peak of 0.9749 with a current value of 0.9291.

Vulnerability details

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible

CWE(s)
KEV Date Added: 04 October 2023

Related Threats

Threat-Actor Attribution AI

Cl0p
Cl0p ransomware exploited the TeamCity auth-bypass RCE in a mass campaign (CISA KEV, Mandiant/Unit42 reporting).

Affected Assets

Vendor: jetbrains
Product: teamcity
Version: ≤ 2023.05.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces authentication and authorization checks that the bypass in CVE-2023-42793 circumvents to reach RCE.

prevent

Requires valid identification and authentication before any access, blocking the unauthenticated network exploitation path.

prevent

Restricts network traffic to the TeamCity server, limiting exposure of the vulnerable authentication endpoints to untrusted sources.

References